www-infrastructure-dev mailing list archives

From Jürgen Schmidt <jogischm...@gmail.com>
Subject Re: Proposed: Code (.jar/.msi/binaries) Signing Service Offer
Date Thu, 16 Aug 2012 07:08:08 GMT
On 8/16/12 1:38 AM, Dave Fisher wrote:
> Hi Tony,
> 
> The bounds are very tight. I thought that Jürgen was pretty clear about how the reality of the current build makes it difficult to create a bot to do this. His proposal is essentially special buildbots under infra's control.
> 
> Perhaps if AOO had all the various requested buildbots we might figure out how to make the proposed special buildbot that only infra can control because it has these special certificates.
> 
it can be a duplicate image of the Windows build bot where the
certificate is installed. The builds have to be triggered by someone who
has access to this machine. But we can of course automate it probably
to simply start a script and give a revision as input.


> I think that Flex will want both Windows and Mac buildbots as well.

AOO in the future as well

> 
> INFRA-4902 Create Mac buildbot
> 
> (I just entered perl / cpan hell and going into time machine due to a missing prerequisite in the AOO 3.4.1 RC that we are voting on. A working buildbot would have caught this issue.)

What exactly are your problems, which system do you use, Mountain Lion?
Until today I am not aware that anybody has built AOO on Mountain Lion
and even on Lion it requires some work. Apple/MacOS is not really
developer friendly if you don't walk inside the "closed" Apple world ;-)

> 
> BTW - Mountain Lion is requiring Signing Certs from Apple and not others. (It's what I hear on the street, am I wrong Dean and Richard?)

that's true, signing from Apple or from a developer with an official and
registered Apple developer ID. I haven't analyzed the signing process on
Mountain Lion in detail so far but that is on the list.

Juergen

> 
> Does it make sense to proceed with platforms that are needed for CI and where the signing solution would possibly "live."
> 
> Regards,
> Dave 
> 
> On Aug 15, 2012, at 3:20 PM, Tony Stevenson wrote:
> 
>>
>>
>> Sent from my iPad
>>
>> On 15 Aug 2012, at 23:09, Om <bigosmallm@gmail.com> wrote:
>>
>>> On Thu, Jul 19, 2012 at 3:12 PM, Dave Fisher <dave2wave@comcast.net> wrote:
>>>
>>>>
>>>> On Jul 19, 2012, at 11:16 AM, Om wrote:
>>>>
>>>> On Thu, Jul 19, 2012 at 6:50 AM, Richard Hall <Richard_Hall@symantec.com> wrote:
>>>>
>>>>> Hi Dave,
>>>>>
>>>>> Our hosted signing service does not currently provide the ability to sign
>>>>> Air applications, but we do offer Code Signing certs for Adobe Air from our
>>>>> website:
>>>>>
>>>>> http://www.symantec.com/verisign/code-signing/adobe-air
>>>>>
>>>>> Would this work for you?  Please let us know if you have any questions.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Rich
>>>>>
>>>>>
>>>> Rich,
>>>>
>>>> This would work perfectly fine for us.
>>>>
>>>>
>>>> Om,
>>>>
>>>> And now the question is for the Apache Infrastructure team. Assuming that
>>>> an apache.org certificate for signing Air applications is purchased The
>>>> ASF how will it be handled? And that is the other thread.
>>>>
>>>> Thanks,
>>>> Dave
>>>>
>>>>
>>> Do we know if there has been any work/discussion on this?  We are preparing
>>> our installer app for release and valid certificate would be very good to
>>> have.
>>>
>>> What should I (or infra) do to get this certificate approved and purchased
>>> for us by us?  How can I help speed up this process?
>>>
>>> Thanks,
>>> Om
>>
>>
>> Om, 
>>
>> We, infra, are still waiting for someone to come to us with a proposal on how to deploy this within the bounds we have laid out several times both here and in Jira. We won't just randomly set something up.
>>
>> Until we are in receipt of such, and we have had a chance to review the same, we won't be purchasing any such certificate, and no project should be going direct to any supplier to do the same. There are very real concerns we have and we want to see them fully addressed before proceeding.
>>
>> To be clear, this needs to stop at this juncture until we are happy to proceed. If you require this for delivery of a binary installer, can I suggest that you and your project, perhaps in conjunction with another projects come up with this plan we have asked for.
> 

