www-infrastructure-dev mailing list archives

From Jürgen Schmidt <jogischm...@gmail.com>
Subject Re: Official code signing certificate
Date Fri, 12 Apr 2013 14:06:56 GMT
On 4/12/13 3:08 PM, Ulrich Stärk wrote:
> On 12.04.2013 13:32, Jürgen Schmidt wrote:
>> On 3/26/13 8:58 PM, Daniel Shahaf wrote:
>>> On Fri, Mar 22, 2013 at 06:57:13PM +0200, Daniel Shahaf wrote:
>>>> How about only signing with the real certificate once three PMC members
>>>> PGP-signed the binaries-built-against-the-self-signed-certificate.
>>>
>>> Note that after the binaries-signed-with-the-real-certificate are built, they
>>> would have to be PGP-signed _again_ before they can be distributed.
>>>
>>> That's because infra has tools and policies around signing that assume PGP, and
>>> we won't be changing them to suit N different ideas by M different PMCs.
>>>
>> adding pgp signature at the final step should be possible, we have to
>> validate the builds anyway.
>>
>> How can we move forward? I would like to suggest that we copy a Windows
>> build bot VM and start working on a real scenario.
>>
>> 1. preparing the AOO build env to sign all necessary files and bits and
>> use a test certificate (provided by the AOO PMC)
>>
>> 2. the test certificate is installed on the test VM
>>
>> 3. we define and work on a process to communicate which revision should
>> be used for the build and how the build is triggered. How the results
>> are provided etc.
>>
>> I believe we have to start working on it now and have to figure out what
>> works best in a practical scenario.
>>
>> What do others think about it?
>>
> 
> I haven't seen Sander's concerns addressed yet. Of course you can start now and build
> a test-bed but Sander is right when he says that "the signing keys [should be surrounded]
> with the proper process and equipment".

I think I proposed to start doing exactly this. Start with something
real and stop talking only. I haven't seen any real new information in
the discussion. Valid concerns are repeated again and again but no
practical solution. I have no solution either but I believe we should
start working on it and should try to figure out what can work for us.

Maybe we figure out that it has to be a machine physically stored in the
office of someone who is trusted enough, where the keys are stored on
an encrypted device, or whatever. I don't even know for sure.

Or we figure out that the ASF is not able to provide a secure
infrastructure that can support all requirements. This can be a valid option
as well, and then we have to look for another option.

Maybe a partner has a working infrastructure, is interested in
helping us, and can do the builds for us in a secure environment. I am
personally open to anything, and if I had $400 I would simply buy
a cert on my own after the PMC and the ASF have approved that I can sign
with it.

I can for sure provide AOO builds powered by Juergen Schmidt with a
valid cert. What is important is that we have signed builds for our users.


Juergen
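The gate behind Daniel's proposal, as an added example that is not code from this thread, from AOO, or from ASF infra: the real-certificate signing step runs only after at least three distinct PMC members have signed the build made against the self-signed certificate. The example is in Go and substitutes ed25519 detached signatures for PGP so that it runs offline with the standard library only; the signer IDs (standing in for PGP key IDs), the quorum of 3, and the build bytes are constructed assumptions. The cases it exercises are the ones a practitioner would want checked before trusting such a gate: one member signing three times, an untrusted key claiming a PMC member's ID, and signatures made over a different build.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Approval is one PMC member's detached signature over the digest of the
// self-signed-cert build. SignerID stands in for a PGP key ID (assumption).
type Approval struct {
	SignerID string
	Sig      []byte
}

// ValidApprovers returns the IDs of distinct trusted signers whose signature
// over sha256(artifact) verifies. Unknown signers, repeated approvals from the
// same signer, and signatures that do not verify are all ignored.
func ValidApprovers(trusted map[string]ed25519.PublicKey, artifact []byte, approvals []Approval) []string {
	digest := sha256.Sum256(artifact)
	seen := map[string]bool{}
	var ids []string
	for _, a := range approvals {
		pub, ok := trusted[a.SignerID]
		if !ok || seen[a.SignerID] {
			continue
		}
		if ed25519.Verify(pub, digest[:], a.Sig) {
			seen[a.SignerID] = true
			ids = append(ids, a.SignerID)
		}
	}
	return ids
}

// QuorumReached is the check in front of the real-certificate signing step.
func QuorumReached(trusted map[string]ed25519.PublicKey, artifact []byte, approvals []Approval, quorum int) bool {
	return len(ValidApprovers(trusted, artifact, approvals)) >= quorum
}

// mustKey generates a throwaway key pair for the demo.
func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// sign produces an approval the way a PMC member would: over the build digest.
func sign(priv ed25519.PrivateKey, id string, artifact []byte) Approval {
	digest := sha256.Sum256(artifact)
	return Approval{SignerID: id, Sig: ed25519.Sign(priv, digest[:])}
}

// Scenarios runs the gate against constructed inputs and reports, per case,
// whether a quorum of 3 was reached.
func Scenarios() map[string]bool {
	build := []byte("constructed stand-in for the self-signed-cert build output")
	other := []byte("constructed stand-in for some other build output")
	trusted := map[string]ed25519.PublicKey{}
	privs := map[string]ed25519.PrivateKey{}
	for _, id := range []string{"pmc-a", "pmc-b", "pmc-c", "pmc-d"} {
		trusted[id], privs[id] = mustKey()
	}
	_, outsider := mustKey() // a key that is not in the trusted set

	return map[string]bool{
		"three distinct PMC signers": QuorumReached(trusted, build, []Approval{
			sign(privs["pmc-a"], "pmc-a", build), sign(privs["pmc-b"], "pmc-b", build), sign(privs["pmc-c"], "pmc-c", build)}, 3),
		"one PMC member signing three times": QuorumReached(trusted, build, []Approval{
			sign(privs["pmc-a"], "pmc-a", build), sign(privs["pmc-a"], "pmc-a", build), sign(privs["pmc-a"], "pmc-a", build)}, 3),
		"two PMC signers plus an outsider claiming pmc-d": QuorumReached(trusted, build, []Approval{
			sign(privs["pmc-a"], "pmc-a", build), sign(privs["pmc-b"], "pmc-b", build), sign(outsider, "pmc-d", build)}, 3),
		"four signers, two of them over a different build": QuorumReached(trusted, build, []Approval{
			sign(privs["pmc-a"], "pmc-a", build), sign(privs["pmc-b"], "pmc-b", build),
			sign(privs["pmc-c"], "pmc-c", other), sign(privs["pmc-d"], "pmc-d", other)}, 3),
	}
}

func main() {
	for name, ok := range Scenarios() {
		fmt.Printf("%-50s quorum reached: %v\n", name, ok)
	}
}
```

Verifying over the digest of the artifact rather than the artifact itself mirrors how the detached signatures would be produced against a released file, and counting distinct signer IDs rather than signatures is what makes the "three PMC members" rule mean three people; with PGP the same logic applies with a keyring restricted to the PMC's keys.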

