On Fri, May 24, 2013 at 1:50 PM, janI <j...@apache.org> wrote: > Hi. > > we are not alone in ASF wishing code signing, but we might get run over (as > I did today on IRC) if we do not formulate our requirements very clearly. >
Can you give us a better sense of what part of AOO code signing is unclear to Infra? We've been discussing this for more than a year now, so I'd be surprised if there are any technological questions remaining at this point. -Rob > rgds > jan I. > > ---------- Forwarded message ---------- > From: Scott Deboy <scott.de...@gmail.com> > Date: 24 May 2013 18:59 > Subject: Re: Official code signing certificate > To: infrastructure-...@apache.org > > > Logging Services has a simple requirement: > > Have the Chainsaw build artifacts signed by a Java code signing cert > that is signed by a trusted/root CA so the jars can be downloaded via > WebStart without the user receiving a warning that the signed jars > aren't trusted. > > The Chainsaw maven script supports signing jars - infra just needs to > point it to the cert. > > I don't know whether or not an ASF-wide Java code signing cert makes > sense or a Logging Services-specific Java code signing cert makes > sense. I don't even know if it is possible to have TLP-specific Java > code signing certs. I defer to infra on that decision. > > I believe the code signing service WRowe described will meet our > requirements. Hopefully infra can spend some time looking at the > service and see how it can meet their requirements. > > Logging Services would like to be a guinea pig for the Java code > signing service WRowe described above. If there are additional > details needed by infra, we are happy to provide them. > > Thanks, > > Scott > > On 4/12/13, sebb <seb...@gmail.com> wrote: >> You are now in http://wiki.apache.org/general/ContributorsGroup >> >> >> On 12 April 2013 17:32, William A. Rowe Jr. <wr...@rowe-clan.net> wrote: >> >>> On Fri, 12 Apr 2013 10:47:29 -0500 >>> "William A. Rowe Jr." <wr...@rowe-clan.net> wrote: >>> >>> > On Tue, 26 Mar 2013 00:56:06 +0200 >>> > Daniel Shahaf <d...@daniel.shahaf.name> wrote: >>> > >>> > > Can you write this all down somewhere? A wiki page maybe >>> > >>> > http://wiki.apache.org/general/ASFCodeSigning >>> >>> Could one of the page editors please grant WilliamARoweJr some >>> karma? I'll document the first-draft approach and the Symantec >>> service-based approach. >>> >> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
