www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Om <bigosma...@gmail.com>
Subject Re: Proposed: Code (.jar/.msi/binaries) Signing Service Offer
Date Wed, 15 Aug 2012 22:53:30 GMT
Tony,

On July 13, 2012, J├╝rgen Schmidt from the Apache OOO project made this
proposal: [1]
On July 18, 2012, I followed up with a couple of tweaks to Jurgen's
original proposal so that it works for Apache Flex as well: [2]

Can you please take a look at let me know if this works and what else needs
to be answered?

Thanks,
Om

[1] http://markmail.org/message/2xx5ia72b6xestur
[2] http://markmail.org/message/chupjp5tsuosiu23

On Wed, Aug 15, 2012 at 3:20 PM, Tony Stevenson <pctony@apache.org> wrote:

>
>
> Sent from my iPad
>
> On 15 Aug 2012, at 23:09, Om <bigosmallm@gmail.com> wrote:
>
> > On Thu, Jul 19, 2012 at 3:12 PM, Dave Fisher <dave2wave@comcast.net>
> wrote:
> >
> >>
> >> On Jul 19, 2012, at 11:16 AM, Om wrote:
> >>
> >> On Thu, Jul 19, 2012 at 6:50 AM, Richard Hall <
> Richard_Hall@symantec.com>wrote:
> >>
> >>> Hi Dave,
> >>>
> >>> Our hosted signing service does not currently provide the ability to
> sign
> >>> Air applications, but we do offer Code Signing certs for Adobe Air
> from our
> >>> website:
> >>>
> >>> http://www.symantec.com/verisign/code-signing/adobe-air
> >>>
> >>> Would this work for you?  Please let us know if you have any questions.
> >>>
> >>> Thanks,
> >>>
> >>> Rich
> >>>
> >>>
> >> Rich,
> >>
> >> This would work perfectly fine for us.
> >>
> >>
> >> Om,
> >>
> >> And now the question is for the Apache Infrastructure team. Assuming
> that
> >> an apache.org certificate for signing AIr applications is purchased The
> >> ASF how will it be handled? And that is the other thread.
> >>
> >> Thanks,
> >> Dave
> >>
> >>
> > Do we know if there has been any work/discussion on this?  We are
> preparing
> > our installer app for release and valid certificate would be very good to
> > have.
> >
> > What should I (or infra) do to get this certificate approved and
> purchased
> > for us by us?  How can I help speed up this process?
> >
> > Thanks,
> > Om
>
>
> Om,
>
> We, infra, are still waiting for someone to come to us with a proposal on
> how to deploy this within the bounds we have laid out several times both
> here and in Jira. We won't just randomly set something up.
>
> Unto, we are receipt of such, and we have had a chance to review the same
> we won't be purchasing any such certificate, and no project should be going
> direct to any supplier to do the same. There are very real concerns we have
> and we want to see them fully addressed before proceeding.
>
> To be clear, this needs to stop at this juncture until we ae happy to
> proceed. If you require this for delivery of a binary installer, can I
> suggest that you and your project, perhaps in conjunction with another
> projects come up with this plan we have asked for.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message