If such a certificate would be prudent, I don't think anyone will object to shelling out 500 bucks. Though not something I'd personally want to pay, but for an organization with our sponsors it is not that much, and money well spent.
I suggest sending this message to gene...@incubator and infra@ and see where that takes us. Martijn On Sun, Dec 6, 2009 at 2:33 PM, Greg Brown <[email protected]> wrote: > Hello mentors, > > Back when Pivot first entered the Incubator, I had asked about the > availability of an official Apache code signing certificate. Some of our demo > and tutorial JARs are signed, but they currently use an unofficial (and > expired) certificate Todd had created locally for testing purposes. This > doesn't inspire quite as much confidence in the authenticity of the code as > we would like. :-) > > The response at the time was that no such certificate currently exists. Once > we graduate, do you know if it might be possible to request one? I believe > these cost around $500 (US) - is the ASF likely to cover something like this, > or do you think we would need to fund it ourselves? > > FWIW, I actually tried to get both Verisign and Thawte to contribute a > certificate a few months back, and I didn't get a reply from either > one...maybe I will try again after we graduate. Anyone have any contacts at > either place? > > Thanks, > Greg > > -- Become a Wicket expert, learn from the best: http://wicketinaction.com Apache Wicket 1.4 increases type safety for web applications Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.0
