We could add on the Download page that the installer for Mac OSX has been signed but not notarized ( https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution ).
Unless Reema has a plan or someone has a plan relating to notarization. Since we have it signed and it seems a lengthy Apple-driven process to notarize it, I'd argue that so long as we state that clearly, this should not be a blocker for releasing the installer. Gj On Mon, Oct 28, 2019 at 11:36 AM Carl Mosca <[email protected]> wrote: > -1 > "Can't be opened because Apple cannot check for malicious software" > > On Mon, Oct 28, 2019 at 6:26 AM Neil C Smith <[email protected]> > wrote: > > > On Mon, 28 Oct 2019 at 09:54, Eric Barboni <[email protected]> wrote: > > > Sha512 and key from Reema is ok it means this can be released on dist. > > > Not functional is another point. But Reema can cancel if tester on > MacOS > > found issue. > > > > Distribution on dist requires more than that, and we also discussed > > requiring more ourselves. The wording that was discussed, that I > > thought you said you agreed with, said that all voters must verify all > > checksums and keys (including the additional keys in the installers!), > > check they function, and verify that they only install artefacts built > > from the released sources. I don't see any point in voting on > > binaries if we're not requiring checks on all those things that the > > PMC must check. > > > > Anyway, let's not hijack the vote thread further on this. > > > > I'd like to hear Reema's opinion on pulling and re-voting on macOS > > installers because of the notarization issue though. > > > > Thanks and best wishes, > > > > Neil > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > For further information about the NetBeans mailing lists, visit: > > https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists > > > > > > > > > > -- > Carl J. Mosca >
