tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Code signing service restored
Date Fri, 15 Sep 2017 15:40:09 GMT

On 9/13/17 2:09 PM, Mark Thomas wrote:
> FYI but mainly for anyone doing a release, the code signing service is
> available again. The account has been renewed for another year and we
> (Tomcat) have enough credits to keep us going for a while. I'll keep an
> eye on our credit usage and get our allocation increased if we need more.

IIRC, Symantec was the vendor providing code-signing certificates.

Are those certificates impacted by the impending dis-trusting of
Symantec-issued TLS certificates?

DigiCert is purchasing (has purchased?) Symantec's various CAs, and that
also might have an effect on (a) the trust of our
certificates/signatures and (b) the future of the code-signing
arrangement with the new vendor.

I suspect DigiCert will be happy to continue to provide ASF with
low/no-cost code-signing credits, but it might be nice to have that
clarified sooner rather than later.


View raw message