Hi,
This came up during the last release; I had raised an infra ticket for
notarization - INFRA-18790
<https://issues.apache.org/jira/browse/INFRA-18790>, but it failed with
a long list of errors.
This needs investigation; I haven't been able to get to it yet.
So, I agree with Geertjan's suggestion to add a note that the installer works
for 10.13.x and 10.14.x macOS releases and is pending notarization that
is required for the 10.15.x release.
Thanks,
Reema
On 28/10/19 5:43 PM, Geertjan Wielenga wrote:
We could add on the Download page that the installer for Mac OSX has been
signed but not notarized (
https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution
).
Unless Reema has a plan or someone has a plan relating to notarization.
Since we have it signed and it seems a lengthy Apple-driven process to
notarize it, I'd argue that so long as we state that clearly, this should
not be a blocker for releasing the installer.
Gj
On Mon, Oct 28, 2019 at 11:36 AM Carl Mosca <carljmo...@gmail.com> wrote:
-1
"Can't be opened because Apple cannot check for malicious software"
On Mon, Oct 28, 2019 at 6:26 AM Neil C Smith <neilcsm...@apache.org>
wrote:
On Mon, 28 Oct 2019 at 09:54, Eric Barboni <sk...@apache.org> wrote:
Sha512 and key from Reema is ok it means this can be released on dist.
Not functional is another point. But Reema can cancel if tester on MacOS
found issue.
Distribution on dist requires more than that, and we also discussed
requiring more ourselves. The wording that was discussed, that I
thought you said you agreed with, said that all voters must verify all
checksums and keys (including the additional keys in the installers!),
check they function, and verify that they only install artefacts built
from the released sources. I don't see any point in voting on
binaries if we're not requiring checks on all those things that the
PMC must check.
Anyway, let's not hijack the vote thread further on this.
I'd like to hear Reema's opinion on pulling and re-voting on macOS
installers because of the notarization issue though.
Thanks and best wishes,
Neil
--
Carl J. Mosca