www-infrastructure-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Thomas (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (INFRA-11118) Participation in Code Signing by HTTP Server project
Date Fri, 27 May 2016 08:34:12 GMT

    [ https://issues.apache.org/jira/browse/INFRA-11118?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15303753#comment-15303753
] 

Mark Thomas commented on INFRA-11118:
-------------------------------------

Bill,

The code signing service has been renewed. Do you still want to go ahead with this? If yes.
I'll start the process of getting the httpd PMC set up for code signing with you as the initial
PoC. You can then add more PMC members as required.

> Participation in Code Signing by HTTP Server project
> ----------------------------------------------------
>
>                 Key: INFRA-11118
>                 URL: https://issues.apache.org/jira/browse/INFRA-11118
>             Project: Infrastructure
>          Issue Type: Planned Work
>          Components: Codesigning
>            Reporter: William A. Rowe, Jr.
>            Assignee: Mark Thomas
>
> Raising a ticket to express interest...
> For some time, the value of an ASF shipping Windows httpd binary has been negligible,
as various lgpl and gpl components could be combined by other parties and assembled as a more
complete version of httpd.  It has been a few years since the httpd project has shipped Windows
binaries.
> With the introduction of code signing, this becomes interesting once again for httpd
to ship what are the official sources built for Windows, particularly with the introduction
of a persistent runtime in Visual C 14.  I'm willing to take this on if the Code signing service
agreement can be extended.
> Note that an httpd 2.4 package consists of about 48 programs and dynamic libraries, and
some 108 modules.  Internal to the installer there is a script rewriting binary and the install
package itself, for a total of soon to be 160 signed objects per release.  Releases of 2.4
occur about 4 times a year with releases of the legacy package (2.2 at present) which occur
2 times a year.
> Given the number of components, some batch submission mechanism is required to consider
this effort.
> Please provide feedback about the commitment to renewing the Symantec service, and I
would like to participate in this offering, going forwards, if the commitment is there.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message