Return-Path: X-Original-To: apmail-infrastructure-dev-archive@minotaur.apache.org Delivered-To: apmail-infrastructure-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 6DA3ED149 for ; Thu, 16 Aug 2012 17:39:13 +0000 (UTC) Received: (qmail 12848 invoked by uid 500); 16 Aug 2012 17:39:13 -0000 Delivered-To: apmail-infrastructure-dev-archive@apache.org Received: (qmail 12723 invoked by uid 500); 16 Aug 2012 17:39:13 -0000 Mailing-List: contact infrastructure-dev-help@apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: infrastructure-dev@apache.org Delivered-To: mailing list infrastructure-dev@apache.org Received: (qmail 12711 invoked by uid 99); 16 Aug 2012 17:39:13 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Aug 2012 17:39:13 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10 tests=RCVD_IN_DNSWL_NONE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of dave2wave@comcast.net designates 76.96.30.16 as permitted sender) Received: from [76.96.30.16] (HELO qmta01.emeryville.ca.mail.comcast.net) (76.96.30.16) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Aug 2012 17:39:06 +0000 Received: from omta09.emeryville.ca.mail.comcast.net ([76.96.30.20]) by qmta01.emeryville.ca.mail.comcast.net with comcast id nPyq1j0060S2fkCA1VemiK; Thu, 16 Aug 2012 17:38:46 +0000 Received: from [192.168.1.2] ([67.180.51.144]) by omta09.emeryville.ca.mail.comcast.net with comcast id nVel1j00D36gVt78VVel4n; Thu, 16 Aug 2012 17:38:46 +0000 Content-Type: text/plain; charset=iso-8859-1 Mime-Version: 1.0 (Apple Message framework v1084) Subject: Re: Proposed: Code (.jar/.msi/binaries) Signing Service Offer From: Dave Fisher In-Reply-To: <502C9C58.3030804@gmail.com> Date: Thu, 16 Aug 2012 10:38:45 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: References: <4ED7F6B3.10507@rowe-clan.net> <4EDCE916.9000105@rowe-clan.net> <14D026C7F297AD44AC82578DD818CDD029F1D268EC@TUS1XCHEVSPIN35.SYMC.SYMANTEC.COM> <4EDD04C1.3020104@rowe-clan.net> <4FE8E722.5060708@rowe-clan.net> <4FE9D752.7020700@rowe-clan.net> <14D026C7F297AD44AC82578DD818CDD02AE53E5914@TUS1XCHEVSPIN35.SYMC.SYMANTEC.COM> <4FEB30AB.2080305@googlemail.com> <4FED025E.30705@rowe-clan.net> <5005E3B0.2060306@rowe-clan.net> <5BC528EA-63E6-441E-942D-4EFB481BCDA7@comcast.net> <8D9B969F-50A0-41A9-9071-D737CE1D30BC@comcast.net> <502C9C58.3030804@gmail.com> To: infrastructure-dev@apache.org X-Mailer: Apple Mail (2.1084) X-Virus-Checked: Checked by ClamAV on apache.org On Aug 16, 2012, at 12:08 AM, J=FCrgen Schmidt wrote: > On 8/16/12 1:38 AM, Dave Fisher wrote: >> Hi Tony, >>=20 >> The bounds are very tight. I thought that J=FCrgen was pretty clear = about how the reality of the current build makes it difficult to create = a bot to do this. His proposal is essentially special buildbots under = infra's control. >>=20 >> Perhaps if AOO had all the various requested buildbots we might = figure out how to make the proposed special buildbot that only infra can = control because it has these special certificates. >>=20 > it can be a duplicate image of the Windows build bot where the > certificate is installed. The builds have to be triggered by someone = who > have access to this machine. But we can of course automate it probably > to simply start a script and give a revision as input Exactly. >=20 >=20 >> I think that Flex will want both Windows and Mac buildbots as well. >=20 > AOO in the future as well Andrew is waiting for the Mac buildbot - here is the buildbot master = JIRA for AOO - INFRA-4197 More Buildbots for Apache OpenOffice >=20 >>=20 >> INFRA-4902 Create Mac buildbot >>=20 >> (I just entered perl / cpan hell and going into time machine due to a = missing prerequisite in the AOO 3.4.1 RC that we are voting on. A = working buildbot would have caught this issue.) >=20 > What exactly are your problems, which system do you use, Mountian = Lion? > Until today I am note aware that anybody has built AOO on Mountain = Lion > and even on Lion it requires some work. Apple/MacOS is not really > developer friendly if you don't walk inside the "closed" Apple world = ;-) I've got past this issue. cpan had its permissions changed removing the = a+x. I had to upgrade LWP::UserAgent in cpan. cpan install only saw I had = LWP::UserAgent and this was missing the show_progress method. I'm on MacOSX 10.6.8 >=20 >>=20 >> BTW - Mountain Lion is requiring Signing Certs from Apple and not = others. (It's what I hear on the street, am I wrong Dean and Richard?) >=20 > that's true, signing from Apple or from a developer with a official = and > register Apple developer ID. I haven't analyzed the signing process on > Mountain Lion in detail so far but that is on the list. My newer Mac is on Lion w/a free Mountain Lion upgrade, but I haven't = had the free time to move everything around as I need more backup disk = space first. And yes this is a detail. >=20 > Juergen >=20 >>=20 >> Does it make sense to proceed with platforms that are needed for CI = and where the signing solution would possibly "live." >>=20 >> Regards, >> Dave=20 >>=20 >> On Aug 15, 2012, at 3:20 PM, Tony Stevenson wrote: >>=20 >>>=20 >>>=20 >>> Sent from my iPad >>>=20 >>> On 15 Aug 2012, at 23:09, Om wrote: >>>=20 >>>> On Thu, Jul 19, 2012 at 3:12 PM, Dave Fisher = wrote: >>>>=20 >>>>>=20 >>>>> On Jul 19, 2012, at 11:16 AM, Om wrote: >>>>>=20 >>>>> On Thu, Jul 19, 2012 at 6:50 AM, Richard Hall = wrote: >>>>>=20 >>>>>> Hi Dave, >>>>>>=20 >>>>>> Our hosted signing service does not currently provide the ability = to sign >>>>>> Air applications, but we do offer Code Signing certs for Adobe = Air from our >>>>>> website: >>>>>>=20 >>>>>> http://www.symantec.com/verisign/code-signing/adobe-air >>>>>>=20 >>>>>> Would this work for you? Please let us know if you have any = questions. >>>>>>=20 >>>>>> Thanks, >>>>>>=20 >>>>>> Rich >>>>>>=20 >>>>>>=20 >>>>> Rich, >>>>>=20 >>>>> This would work perfectly fine for us. >>>>>=20 >>>>>=20 >>>>> Om, >>>>>=20 >>>>> And now the question is for the Apache Infrastructure team. = Assuming that >>>>> an apache.org certificate for signing AIr applications is = purchased The >>>>> ASF how will it be handled? And that is the other thread. >>>>>=20 >>>>> Thanks, >>>>> Dave >>>>>=20 >>>>>=20 >>>> Do we know if there has been any work/discussion on this? We are = preparing >>>> our installer app for release and valid certificate would be very = good to >>>> have. >>>>=20 >>>> What should I (or infra) do to get this certificate approved and = purchased >>>> for us by us? How can I help speed up this process? >>>>=20 >>>> Thanks, >>>> Om >>>=20 >>>=20 >>> Om,=20 >>>=20 >>> We, infra, are still waiting for someone to come to us with a = proposal on how to deploy this within the bounds we have laid out = several times both here and in Jira. We won't just randomly set = something up.=20 >>>=20 >>> Unto, we are receipt of such, and we have had a chance to review the = same we won't be purchasing any such certificate, and no project should = be going direct to any supplier to do the same. There are very real = concerns we have and we want to see them fully addressed before = proceeding.=20 >>>=20 >>> To be clear, this needs to stop at this juncture until we ae happy = to proceed. If you require this for delivery of a binary installer, can = I suggest that you and your project, perhaps in conjunction with another = projects come up with this plan we have asked for. >>=20 >=20