Mark, On 9/13/17 2:09 PM, Mark Thomas wrote: > FYI but mainly for anyone doing a release, the code signing service is > available again. The account has been renewed for another year and we > (Tomcat) have enough credits to keep us going for a while. I'll keep an > eye on our credit usage and get our allocation increased if we need more.
IIRC, Symantec was the vendor providing code-signing certificates. Are those certificates impacted by the impending dis-trusting of Symantec-issued TLS certificates? DigiCert is purchasing (has purchased?) Symantec's various CAs, and that also might have an effect on (a) the trust of our certificates/signatures and (b) the future of the code-signing arrangement with the new vendor. I suspect DigiCert will be happy to continue to provide ASF with low/no-cost code-signing credits, but it might be nice to have that clarified sooner rather than later. Thanks, -chris
signature.asc
Description: OpenPGP digital signature
