www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jan i <j...@apache.org>
Subject Re: Discussion on enabling users to specify own machines as dynamic hosts
Date Thu, 17 Apr 2014 16:38:54 GMT
On 17 April 2014 18:29, Alex Harui <aharui@adobe.com> wrote:

>
>
> On 4/17/14 6:35 AM, "jan i" <jani@apache.org> wrote:
>
> >On 17 April 2014 09:49, Andrea Pescetti <pescetti@apache.org> wrote:
> >
> >> Alex Harui wrote:
> >>
> >>> On 4/16/14 11:39 PM, "J├╝rgen Schmidt" wrote:
> >>>
> >>>> We need a reliable build bot systems where we can build the binary
> >>>> releases in a controlled environment. ...
> >>>>
> >>> IMO, you should do that outside of Apache.  Subversion, for example,
> >>>has
> >>> other entities that ship binaries.
> >>>
> >>
> >> In the OpenOffice case convenience binaries have a different importance:
> >> our users expect binaries that are approved by the project too.
> >>Eventually,
> >> we'll want to have digitally signed binaries coming from Apache. And
> >>this
> >> would require using the buildbots, or internal Apache infrastructure
> >> anyway... but this is an entirely different story!
> >>
> >
> >yes its a different story, but just to confirm digital signing will only
> >be
> >available for builds running on infra controlled vms !
> Is ASF Digital Signing actually going to happen?  It hasn't been clear to
> me that everyone on the board thinks it is the right thing to do.
>
Follow INFRA-3991, we are actually quite close.

Tomcat will be the first trial run, then AOO is invited. That gives us the
view of a simple and very complex build process, after that general rollout
can be expected.


>
> I'm not sure Flex will be able to use it since our users really want our
> binaries to bundle proprietary build tools and I'm not sure Apache will
> ever allow that.
>

I am very sure that apache will not sign tools, that are not build from our
own sources.

I assume the flex project only releases sources, and third party makes the
bundling. With/without signing I dont believe ASF allows a project to
include category-x tools in a binary that are sent to the public.

rgds
jan I.


> -Alex
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message