www-infrastructure-dev mailing list archives

From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: Official code signing certificate
Date Fri, 12 Apr 2013 16:07:57 GMT
On Fri, 12 Apr 2013 13:32:20 +0200
Jürgen Schmidt <jogischmidt@gmail.com> wrote:

> How can we move forward? I would like to suggest that we copy a
> Windows build bot VM and start working on a real scenario.

I'm certain that Infra will insist on an audited VM build.  So it
would be a good idea to build an example VM, but it is much more
important to document every step for building up that box, every
tool and binary which is to be installed on that box with their
sources/origins, so that Infra can follow the process step by step
in creating the 'real' signing box.

Given that it could be as simple as corrupting a single make file
to compromise the key, running builds on the same signing VM seems
somewhat insane; see Sander's well-thought-out comments and Clint's
observations.

I am aware of applications of automated signing, but I don't know
of any org which physically does so on the same box as the builds
themselves; they are batched to a signing server with sources.

