Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id CADF8200CE6 for ; Fri, 15 Sep 2017 17:40:17 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id C8CC71609D1; Fri, 15 Sep 2017 15:40:17 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 189461609CF for ; Fri, 15 Sep 2017 17:40:16 +0200 (CEST) Received: (qmail 26799 invoked by uid 500); 15 Sep 2017 15:40:14 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 26785 invoked by uid 99); 15 Sep 2017 15:40:14 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 15 Sep 2017 15:40:14 +0000 Received: from Christophers-MacBook-Pro.local (pool-173-66-116-184.washdc.fios.verizon.net [173.66.116.184]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 022701A012B for ; Fri, 15 Sep 2017 15:40:13 +0000 (UTC) Subject: Re: Code signing service restored To: dev@tomcat.apache.org References: <6b7b251d-6cde-dafc-7d7a-b523e0bc50ec@apache.org> From: Christopher Schultz Message-ID: Date: Fri, 15 Sep 2017 11:40:09 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <6b7b251d-6cde-dafc-7d7a-b523e0bc50ec@apache.org> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="o8pNqBce70PeuKgwnRfMigFSGaWwPXxCW" archived-at: Fri, 15 Sep 2017 15:40:18 -0000 --o8pNqBce70PeuKgwnRfMigFSGaWwPXxCW Content-Type: multipart/mixed; boundary="xjhmafxlFRt1eUaU98qnubb2KWedHxfOJ"; protected-headers="v1" From: Christopher Schultz To: dev@tomcat.apache.org Message-ID: Subject: Re: Code signing service restored References: <6b7b251d-6cde-dafc-7d7a-b523e0bc50ec@apache.org> In-Reply-To: <6b7b251d-6cde-dafc-7d7a-b523e0bc50ec@apache.org> --xjhmafxlFRt1eUaU98qnubb2KWedHxfOJ Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Mark, On 9/13/17 2:09 PM, Mark Thomas wrote: > FYI but mainly for anyone doing a release, the code signing service is > available again. The account has been renewed for another year and we > (Tomcat) have enough credits to keep us going for a while. I'll keep an= > eye on our credit usage and get our allocation increased if we need mor= e. IIRC, Symantec was the vendor providing code-signing certificates. Are those certificates impacted by the impending dis-trusting of Symantec-issued TLS certificates? DigiCert is purchasing (has purchased?) Symantec's various CAs, and that also might have an effect on (a) the trust of our certificates/signatures and (b) the future of the code-signing arrangement with the new vendor. I suspect DigiCert will be happy to continue to provide ASF with low/no-cost code-signing credits, but it might be nice to have that clarified sooner rather than later. Thanks, -chris --xjhmafxlFRt1eUaU98qnubb2KWedHxfOJ-- --o8pNqBce70PeuKgwnRfMigFSGaWwPXxCW Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJZu/RcAAoJEBzwKT+lPKRY4GwP/0IUwZvxSjflmhauvPh1JY0/ 8SBe4EzgS2EledECQNjTsb6iK6BtakNw3ooRIIQceVli/zNt80OVczVKzCufZ3eT JkyJnXz2fLEFVe3BVioeMYjTvgCznbqaNBVxbl07VMe/R0RBaIu2IuSNKSbG6/lV T2EIWQHkLt/AN2D5c1qtRV/jUioPRd2DDbqqw/pZiVHH585MmWVNLij1csfX0hR7 g6CebDodAC0m7Dlx/BeR4OSR4ZX4Ky1/MmDmfJrg4v/lYBCZ1TOtfZT7vFLf+qg3 gtaUsa073k7mHvcDNsARZJw3jgSR/PYfcQBsYJKa0jwZNMEKqq6EwNxh+EzFqHMs jvpUqm26j6S9kvHvOJKKK36niMSWOmoordHJm04EZeRbTTmAD6y+UBTi6NeNEn6D RkAG+8y/bO0EfgF/vVtij1w+izTb1LPP0bB7b8q+UQg/ui7S4QuBFATDAdtaYFmr LI1YJepF6uBAhPYhPp7/hCYe/RTlcJi7HYsYY7T5dNyXVvY1NaN2U5ShKdgSpKoP pCHzG26KduO2dnbrxUcLoTUon9mjqiEqPB5WqzF48iDWU1m5cAajuzN2monb/K0y F1V5XJHmTDJuuZfh0bjS2q4nJS5s79hTHKBcOqVs1+DUsqfwFg9Sv/bUYYgKwuM7 fzkPH3cUaaZejfrAL2Zq =dC/I -----END PGP SIGNATURE----- --o8pNqBce70PeuKgwnRfMigFSGaWwPXxCW--