From dev-return-49053-archive-asf-public=cust-asf.ponee.io@couchdb.apache.org Thu Feb 13 16:57:06 2020 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id A9FE01802C7 for ; Thu, 13 Feb 2020 17:57:05 +0100 (CET) Received: (qmail 36365 invoked by uid 500); 13 Feb 2020 16:57:05 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 36353 invoked by uid 99); 13 Feb 2020 16:57:04 -0000 Received: from Unknown (HELO mailrelay1-lw-us.apache.org) (10.10.3.159) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Feb 2020 16:57:04 +0000 Received: from auth2-smtp.messagingengine.com (auth2-smtp.messagingengine.com [66.111.4.228]) by mailrelay1-lw-us.apache.org (ASF Mail Server at mailrelay1-lw-us.apache.org) with ESMTPSA id A68572233 for ; Thu, 13 Feb 2020 16:57:04 +0000 (UTC) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailauth.nyi.internal (Postfix) with ESMTP id 7944D21F32 for ; Thu, 13 Feb 2020 11:57:04 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Thu, 13 Feb 2020 11:57:04 -0500 X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrieekgdeliecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephfgtgfgguffffhfvjgfkofesthhqmh dthhdtjeenucfhrhhomheptegurghmucfmohgtohhlohhskhhiuceokhhotgholhhoshhk segrphgrtghhvgdrohhrgheqnecukfhppeduvdelrdeguddrkeejrdeinecuvehluhhsth gvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepkhhotgholhhoshhkodhm vghsmhhtphgruhhthhhpvghrshhonhgrlhhithihqdelkedvieegheeitddqudehheeije ejheegqdhkohgtohhlohhskheppegrphgrtghhvgdrohhrghesfhgrshhtmhgrihhlrdgt ohhm X-ME-Proxy: Received: from kocolosk.charlotte.ibm.com (unknown [129.41.87.6]) by mail.messagingengine.com (Postfix) with ESMTPA id 3BD1C3280067 for ; Thu, 13 Feb 2020 11:57:04 -0500 (EST) From: Adam Kocoloski Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.60.0.2.5\)) Subject: Re: Mac/Win Binary Downloads Date: Thu, 13 Feb 2020 11:57:03 -0500 References: <4C81C98C-574D-4876-B472-CDA36C8569E8@apache.org> To: dev@couchdb.apache.org In-Reply-To: <4C81C98C-574D-4876-B472-CDA36C8569E8@apache.org> Message-Id: <2BF59B87-CCA3-43DC-9038-B0F5AA8856F4@apache.org> X-Mailer: Apple Mail (2.3608.60.0.2.5) Fine by me, thanks for the heads up. Adam > On Feb 13, 2020, at 10:18 AM, Jan Lehnardt wrote: >=20 > Hey all, >=20 > I=E2=80=99m planning a change to the Mac downloads for CouchDB with = the 3.0 release. >=20 > Since Apple will require their variant of code signing called = Notarization > for all software that is supposed to run on the next version of macOS, = and > since I assume we want to continue to run on those systems, we need to = go > about this. >=20 > I=E2=80=99m happy to offer my company (Neighbourhoodie) to be the = arbiter for signing > the Mac binaries, since that is infrastructure that we already have in = place > and we don=E2=80=99t have to try and figure out how to do this within = the ASF. >=20 > To make sure folks aren=E2=80=99t weirded out by getting binaries = signed by an org > that is not the ASF, I propose to move the actual binary downloads to = our > company website and link to that from c.a.o for folks who want to = download. > That page can then explain the circumstances and we can make sure = nobody is > spooked by the experience. >=20 > Joan tells me that similar shenanigans are on the horizon for Windows, = so > I suggest we=E2=80=99ll just do this in one go now. That, plus NH is = effectively > funding the development and maintenance of the binary downloads, so we = may > as well embrace them properly. >=20 > The binaries will be hosted on a highly available object store on the = public > internet and we=E2=80=99ll cover all uptime and bandwidth usage = considerations. And > the repos that lead to the creation of the binaries will remain open = source > for anyone to validate our work independently. >=20 > I don=E2=80=99t think this warrants a vote, but I=E2=80=99m happy to = hear about any thoughts > you might have on this. >=20 > Best > Jan > =E2=80=94