www-infrastructure-dev mailing list archives

From Clint Modien <cmod...@gmail.com>
Subject Re: Official code signing certificate
Date Mon, 25 Mar 2013 17:27:43 GMT
When I worked on a project for Amazon, the binaries were submitted via SSH to the security department
along with an MD5 file for each binary.

Before the project started I was required to produce a step-by-step document for signing the
code (tools, downloads, setup).

After the binaries were checked against their associated MD5 hashes, security then simply
signed the binaries according to the process outlined in the document.

I was told that the cert and private key were kept on a USB stick in a safe, and the protocols
surrounding the handling of the USB stick were as strict as those used for nuclear launch
codes.

I feel like the process to sign most code nowadays does not require that the cert+key be available
during compilation… but I could be wrong.

On Mar 25, 2013, at 9:06 AM, Rob Weir <robweir@apache.org> wrote:
> 
> I like the idea of having multiple PMC members attest to the RC, by
> signing or whatever. But we still would need to tie that back to an
> SVN revision number somehow. In other words, how do we prove the
> revision number that was used to build the RC?
> 
> Perhaps the flow is like this:
> 
> 1) RC built by buildbot, which records the SVN revision.
> 
> 2) Three PMC members sign the RC
> 
> 3) Comparison of the MD5 hashes for the signed RC and the buildbot
> output confirms the revision that was used.
> 
> 4) Infra then releases the signing cert for use by buildbot automation
> to rebuild the same revision.
> 


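The two checks discussed in this thread, the "verify each binary against its hash file before anyone signs it" gate and the "match the candidate's hashes against what buildbot recorded to recover the SVN revision" step, as an added example that is not code from the thread or from the Apache OpenOffice project. Artifact names, contents and revision numbers are constructed; the digest algorithm defaults to the MD5 the thread describes, with sha256 selectable since MD5 is no longer collision-resistant.

```python
import hashlib

# Constructed sample artifacts (name -> bytes), standing in for the
# binaries plus per-binary hash files that the thread describes.
ARTIFACTS = {
    "ooo-installer.bin": b"constructed build artifact one",
    "ooo-sdk.tar.gz": b"constructed build artifact two",
}


def digest(data: bytes, algo: str = "md5") -> str:
    """Hex digest of data; md5 matches the thread, sha256 is the modern choice."""
    h = hashlib.new(algo)
    h.update(data)
    return h.hexdigest()


def write_manifest(artifacts: dict, algo: str = "md5") -> dict:
    """What buildbot would record for a build: artifact name -> digest."""
    return {name: digest(data, algo) for name, data in artifacts.items()}


def verify_before_signing(artifacts: dict, manifest: dict, algo: str = "md5") -> list:
    """Names of artifacts that fail the pre-signing check; sign only if empty.

    Both a digest mismatch and a name missing from either side count as a
    failure, so a dropped or extra binary cannot slip through unsigned/unchecked.
    """
    failures = []
    for name, data in artifacts.items():
        expected = manifest.get(name)
        if expected is None or digest(data, algo) != expected:
            failures.append(name)
    failures += [name for name in manifest if name not in artifacts]
    return sorted(set(failures))


def confirm_revision(buildbot_records: dict, candidate_manifest: dict):
    """Return the single SVN revision whose recorded manifest equals the
    candidate RC's manifest (step 3 of the proposed flow), else None.

    buildbot_records maps revision -> manifest as produced by write_manifest.
    Exactly one match is required: zero means the RC was not built by
    buildbot from a known revision, more than one means the record is ambiguous.
    """
    matches = [rev for rev, recorded in buildbot_records.items()
               if recorded == candidate_manifest]
    return matches[0] if len(matches) == 1 else None
```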