www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Cottlehuber <d...@muse.net.nz>
Subject Re: Proposed: Code (.jar/.msi/binaries) Signing Service Offer
Date Thu, 19 Jan 2012 20:46:00 GMT
On 19 January 2012 20:49, William A. Rowe Jr. <wrowe@apache.org> wrote:
> Taking a closer look at pg 3...
>
> We will need to consider how this differs from our traditional
> method of signing.  The flowchart is fairly clear.  It appears
> that at any given time authorized users can upload an object
> for signing, and obtain back either a dev, test or release signed
> package.
>
> The question is, for our purposes, will we simply jump straight
> to the release signed package for voting?  Or do we want to take
> advantage of that test flavor?
>
> Perhaps we'll have to put it in motion, either as a beta experiment
> or simply adopt it.  Because the ASF is very close to releasing
>
> Any updates on the new .jar signing service features now that we
> are in 2012?

I'm happy to try out the 2-phase process if there's a need for it in
the ASF in general. For CouchDB purposes, it will be sufficient to
sign directly - it will be a significant improvement over where we are
today.

A+
Dave

Mime
View raw message