+1 on the cert's prudence. Michael Bushe Software Architect/Developer [email protected] www.bushe.com
On Sun, Dec 6, 2009 at 9:41 AM, Martijn Dashorst <[email protected] > wrote: > If such a certificate would be prudent, I don't think anyone will > object to shelling out 500 bucks. Though not something I'd personally > want to pay, but for an organization with our sponsors it is not that > much, and money well spent. > > I suggest sending this message to gene...@incubator and infra@ and see > where that takes us. > > Martijn > > On Sun, Dec 6, 2009 at 2:33 PM, Greg Brown <[email protected]> wrote: > > Hello mentors, > > > > Back when Pivot first entered the Incubator, I had asked about the > availability of an official Apache code signing certificate. Some of our > demo and tutorial JARs are signed, but they currently use an unofficial (and > expired) certificate Todd had created locally for testing purposes. This > doesn't inspire quite as much confidence in the authenticity of the code as > we would like. :-) > > > > The response at the time was that no such certificate currently exists. > Once we graduate, do you know if it might be possible to request one? I > believe these cost around $500 (US) - is the ASF likely to cover something > like this, or do you think we would need to fund it ourselves? > > > > FWIW, I actually tried to get both Verisign and Thawte to contribute a > certificate a few months back, and I didn't get a reply from either > one...maybe I will try again after we graduate. Anyone have any contacts at > either place? > > > > Thanks, > > Greg > > > > > > > > -- > Become a Wicket expert, learn from the best: http://wicketinaction.com > Apache Wicket 1.4 increases type safety for web applications > Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.0 >
