www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Deboy <scott.de...@gmail.com>
Subject Re: Proposed: Code (.jar/.msi/binaries) Signing Service Offer
Date Wed, 15 Aug 2012 23:49:17 GMT
Chainsaw also has a need to deliver a Mac image (DMG) as well as signed
jars for web start deployment.  I assume the DMG would need the same
support mentioned for Mountain Lion.

Scott

On Wed, Aug 15, 2012 at 4:38 PM, Dave Fisher <dave2wave@comcast.net> wrote:

> Hi Tony,
>
> The bounds are very tight. I thought that J├╝rgen was pretty clear about
> how the reality of the current build makes it difficult to create a bot to
> do this. His proposal is essentially special buildbots under infra's
> control.
>
> Perhaps if AOO had all the various requested buildbots we might figure out
> how to make the proposed special buildbot that only infra can control
> because it has these special certificates.
>
> I think that Flex will want both Windows and Mac buildbots as well.
>
> INFRA-4902 Create Mac buildbot
>
> (I just entered perl / cpan hell and going into time machine due to a
> missing prerequisite in the AOO 3.4.1 RC that we are voting on. A working
> buildbot would have caught this issue.)
>
> BTW - Mountain Lion is requiring Signing Certs from Apple and not others.
> (It's what I hear on the street, am I wrong Dean and Richard?)
>
> Does it make sense to proceed with platforms that are needed for CI and
> where the signing solution would possibly "live."
>
> Regards,
> Dave
>
> On Aug 15, 2012, at 3:20 PM, Tony Stevenson wrote:
>
> >
> >
> > Sent from my iPad
> >
> > On 15 Aug 2012, at 23:09, Om <bigosmallm@gmail.com> wrote:
> >
> >> On Thu, Jul 19, 2012 at 3:12 PM, Dave Fisher <dave2wave@comcast.net>
> wrote:
> >>
> >>>
> >>> On Jul 19, 2012, at 11:16 AM, Om wrote:
> >>>
> >>> On Thu, Jul 19, 2012 at 6:50 AM, Richard Hall <
> Richard_Hall@symantec.com>wrote:
> >>>
> >>>> Hi Dave,
> >>>>
> >>>> Our hosted signing service does not currently provide the ability to
> sign
> >>>> Air applications, but we do offer Code Signing certs for Adobe Air
> from our
> >>>> website:
> >>>>
> >>>> http://www.symantec.com/verisign/code-signing/adobe-air
> >>>>
> >>>> Would this work for you?  Please let us know if you have any
> questions.
> >>>>
> >>>> Thanks,
> >>>>
> >>>> Rich
> >>>>
> >>>>
> >>> Rich,
> >>>
> >>> This would work perfectly fine for us.
> >>>
> >>>
> >>> Om,
> >>>
> >>> And now the question is for the Apache Infrastructure team. Assuming
> that
> >>> an apache.org certificate for signing AIr applications is purchased
> The
> >>> ASF how will it be handled? And that is the other thread.
> >>>
> >>> Thanks,
> >>> Dave
> >>>
> >>>
> >> Do we know if there has been any work/discussion on this?  We are
> preparing
> >> our installer app for release and valid certificate would be very good
> to
> >> have.
> >>
> >> What should I (or infra) do to get this certificate approved and
> purchased
> >> for us by us?  How can I help speed up this process?
> >>
> >> Thanks,
> >> Om
> >
> >
> > Om,
> >
> > We, infra, are still waiting for someone to come to us with a proposal
> on how to deploy this within the bounds we have laid out several times both
> here and in Jira. We won't just randomly set something up.
> >
> > Unto, we are receipt of such, and we have had a chance to review the
> same we won't be purchasing any such certificate, and no project should be
> going direct to any supplier to do the same. There are very real concerns
> we have and we want to see them fully addressed before proceeding.
> >
> > To be clear, this needs to stop at this juncture until we ae happy to
> proceed. If you require this for delivery of a binary installer, can I
> suggest that you and your project, perhaps in conjunction with another
> projects come up with this plan we have asked for.
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message