www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sam Ruby <ru...@intertwingly.net>
Subject Re: Official code signing certificate
Date Sat, 23 Jun 2012 16:33:42 GMT
On Sat, Jun 23, 2012 at 11:34 AM, Rob Weir <robweir@apache.org> wrote:
> OK.  I agree that this would be much harder for Infra to do code
> signing than it would be for the PMC's to do this.

I'll note that I said nothing of the sort.

To recap: any and all requests for the ASF infrastructure team to
provide a web service to sign an arbitrary binary on behalf of the ASF
will be rejected.  Instead, projects are encouraged to design a
process by which [P]PMCs can request a build of an specified tag from
source with the expectation that the outcome will be a signed binary
that the project can evaluate and chose to release.

- Sam Ruby

View raw message