Fine by me, thanks for the heads up. Adam
> On Feb 13, 2020, at 10:18 AM, Jan Lehnardt <j...@apache.org> wrote: > > Hey all, > > I’m planning a change to the Mac downloads for CouchDB with the 3.0 release. > > Since Apple will require their variant of code signing called Notarization > for all software that is supposed to run on the next version of macOS, and > since I assume we want to continue to run on those systems, we need to go > about this. > > I’m happy to offer my company (Neighbourhoodie) to be the arbiter for signing > the Mac binaries, since that is infrastructure that we already have in place > and we don’t have to try and figure out how to do this within the ASF. > > To make sure folks aren’t weirded out by getting binaries signed by an org > that is not the ASF, I propose to move the actual binary downloads to our > company website and link to that from c.a.o for folks who want to download. > That page can then explain the circumstances and we can make sure nobody is > spooked by the experience. > > Joan tells me that similar shenanigans are on the horizon for Windows, so > I suggest we’ll just do this in one go now. That, plus NH is effectively > funding the development and maintenance of the binary downloads, so we may > as well embrace them properly. > > The binaries will be hosted on a highly available object store on the public > internet and we’ll cover all uptime and bandwidth usage considerations. And > the repos that lead to the creation of the binaries will remain open source > for anyone to validate our work independently. > > I don’t think this warrants a vote, but I’m happy to hear about any thoughts > you might have on this. > > Best > Jan > —
