www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Deboy <scott.de...@gmail.com>
Subject Re: Official code signing certificate
Date Fri, 24 May 2013 16:59:18 GMT
Logging Services has a simple requirement:

Have the Chainsaw build artifacts signed by a Java code signing cert
that is signed by a trusted/root CA so the jars can be downloaded via
WebStart without the user receiving a warning that the signed jars
aren't trusted.

The Chainsaw maven script supports signing jars - infra just needs to
point it to the cert.

I don't know whether or not an ASF-wide Java code signing cert makes
sense or a Logging Services-specific Java code signing cert makes
sense.  I don't even know if it is possible to have TLP-specific Java
code signing certs.  I defer to infra on that decision.

I believe the code signing service WRowe described will meet our
requirements.  Hopefully infra can spend some time looking at the
service and see how it can meet their requirements.

Logging Services would like to be a guinea pig for the Java code
signing service WRowe described above.  If there are additional
details needed by infra, we are happy to provide them.



On 4/12/13, sebb <sebbaz@gmail.com> wrote:
> You are now in http://wiki.apache.org/general/ContributorsGroup
> On 12 April 2013 17:32, William A. Rowe Jr. <wrowe@rowe-clan.net> wrote:
>> On Fri, 12 Apr 2013 10:47:29 -0500
>> "William A. Rowe Jr." <wrowe@rowe-clan.net> wrote:
>> > On Tue, 26 Mar 2013 00:56:06 +0200
>> > Daniel Shahaf <d.s@daniel.shahaf.name> wrote:
>> >
>> > > Can you write this all down somewhere?  A wiki page maybe
>> >
>> > http://wiki.apache.org/general/ASFCodeSigning
>> Could one of the page editors please grant WilliamARoweJr some
>> karma?  I'll document the first-draft approach and the Symantec
>> service-based approach.

View raw message