www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <dave2w...@comcast.net>
Subject Re: Proposed: Code (.jar/.msi/binaries) Signing Service Offer
Date Fri, 02 Mar 2012 18:21:26 GMT
Hi,

The OpenOffice podling has a need to digitally sign AOO windows installers - .msi.

Is this process going forward? If so, what would the PPMC / IPMC need to do?

We would very likely use the dev, test, and release flavors. We already have developer builds
and are now considering RC builds.

Best Regards,
Dave

On Jan 19, 2012, at 12:46 PM, Dave Cottlehuber wrote:

> On 19 January 2012 20:49, William A. Rowe Jr. <wrowe@apache.org> wrote:
>> Taking a closer look at pg 3...
>> 
>> We will need to consider how this differs from our traditional
>> method of signing.  The flowchart is fairly clear.  It appears
>> that at any given time authorized users can upload an object
>> for signing, and obtain back either a dev, test or release signed
>> package.
>> 
>> The question is, for our purposes, will we simply jump straight
>> to the release signed package for voting?  Or do we want to take
>> advantage of that test flavor?
>> 
>> Perhaps we'll have to put it in motion, either as a beta experiment
>> or simply adopt it.  Because the ASF is very close to releasing
>> 
>> Any updates on the new .jar signing service features now that we
>> are in 2012?
> 
> I'm happy to try out the 2-phase process if there's a need for it in
> the ASF in general. For CouchDB purposes, it will be sufficient to
> sign directly - it will be a significant improvement over where we are
> today.
> 
> A+
> Dave


Mime
View raw message