www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Om <bigosma...@gmail.com>
Subject Re: Apache Flex: Digitally Signing Air Applications
Date Wed, 18 Jul 2012 00:46:21 GMT
On Tue, Jul 17, 2012 at 5:25 PM, Daniel Shahaf <d.s@daniel.shahaf.name>wrote:

> PGP-sign it as well, then.  That's the standard way all artifacts are
> signed (and centrally verified).
>
>
To be clear, are you suggesting that I sign it twice, once using the AIR
signing process and then sign that artifact using the PGP-sign process?
Can you please point me to to some documentation for PGP-signing
artifacts?  Is this typically done by the Release Manager, or can any
committer do this for a release?


> For future reference infra-dev@ is a public list, why didn't you CC
> flex-dev@?
>

Apologies for the confusion.  I was told by our PPMC mentor, Dave Fisher
(cc-ing him here) that infra-dev is a private list.

Thanks,
Om


> Om wrote on Mon, Jul 16, 2012 at 21:26:07 -0700:
> > Hi,
> >
> > As the first release of Apache Flex is being worked on, we are planning
> to
> > put out an installer application written in Flex + AIR as a convenience
> > utility.  This page
> > http://people.apache.org/~bigosmallm/installapacheflex/lets you
> > download a binary file which is the installer.
> >
> > Should the installer be signed in the same way as the Apache Flex SDK
> > binary is signed?  The process for signing AIR apps is described here
> > [1<
> http://livedocs.adobe.com/flex/3/html/help.html?content=distributing_apps_4.html
> >]
> > How do we do this in the Apache way?
> >
> > [1]
> >
> http://livedocs.adobe.com/flex/3/html/help.html?content=distributing_apps_4.html
> >
> > Thanks,
> > Om
> > Apache Flex PPMC Member
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message