+1 If the service is there it seems a good idea to use it, and we are providing code that runs as a service so signing seems a good idea. However, CouchDB has never provoked the warnings that Windows gives about unsigned code for me, even though I have UAC enabled on all my systems. This may be because I'm an admin user on all of them though.

I had a very quick poke around and found this discussion on the Tomcat mailing list of the effect of signing in Windows and why they need it:

Digitally sign the Windows binaries.
<https://issues.apache.org/bugzilla/show_bug.cgi?id=56079>

Nick

On 7 October 2014 00:25, Alexander Shorin <[email protected]> wrote:
> This is a good idea. +1
> --
> ,,,^..^,,,
>
>
> On Tue, Oct 7, 2014 at 3:00 AM, Joan Touzet <[email protected]> wrote:
> > Presented with no bias on my part, but it showed up in my inbox:
> >
> > https://blogs.apache.org/infra/entry/code_signing_service_now_available
> >
> > Do we care to use something like this for our Windows binary builds?
> > Or are we happy enough to just publish a Windows binary with a checksum?
> > I can see the advantage in signing Windows binaries here.
> >
> > If we add Java or Android components in the future, this could extend to
> > signing those binaries as well. I am sufficiently naive about those
> > environments to not know whether there exist better, freer, more open
> > alternatives that would suffice.
> >
> > What is the process for signing things that end up in the OSX App Store?
> > Would we want to try and get CouchDB in there, or just stick with brew?
> >
> > -Joan
>
