On 25 May 2013 12:04, Andrea Pescetti <[email protected]> wrote:

> Dave Fisher wrote:
>
>> The main concern that the ASF has with digitally signing with a
>> singular apache.org certificate for the whole foundation is keeping
>> it in strict control. For some this means physical machines. This is
>> a high bar.
>> I wonder if the ASF would allow AOO to experiment with an
>> OpenOffice.org codesigning certificate?
>
> If there is willingness to experiment on this, for sure the OpenOffice
> project would benefit from it. It is clear what the goal is: it would be
> beneficial to our users if the Windows and Mac binaries were signed, to
> avoid potentially confusing security warnings. And it would be very good to
> have it by version 4.0. And the problem is much more with policy (or, in
> general, with security/infra concerns) than technology.

Seen with infra eyes, the major problem is to find a working procedure
that is secure, meaning only few people have access to signing; the
discussions there have been very little on politics.

>> We never thought we would get the wildcard certificate, but hey who
>> knows?
>
> I thought it was hard, but not impossible. But honestly, it also raised
> fewer concerns than a code-signing certificate.
>
>> On May 24, 2013, at 2:43 PM, Rob Weir wrote:
>>
>>> And I should mention that pushing the code signing side is
>>> probably premature until we have the build side more solidly
>>> automated.
>
> This has been Infra's approach in the current discussion. For those not
> following that list: see
> http://mail-archives.apache.org/mod_mbox/www-infrastructure-dev/
> (you will see the "code signing" thread appearing in most of the recent
> months' archives).
>
>>>> On Fri, May 24, 2013 at 5:01 PM, janI wrote:
>>>>
>>>>> I am sorry I defended our viewpoint, and made this list aware
>>>>> that there are other projects with similar needs. You just
>>>>> managed to kill the messenger, next time this issue is
>>>>> discussed on IRC, I will refer to this thread and keep silent.
>
> No, no need for this. Of course you should discuss options that would be
> beneficial to the OpenOffice project, and it's well-known that you do get
> things done, a lot of them. In this case, the ongoing frustration that you
> see reflected in some messages is due to the fact that the long discussion
> on infra-dev made it clear, so far, that there are infrastructure
> requirements that must be satisfied as a prerequisite for code signing.
>
> So, while code-signing is the ultimate goal, with the current approach we
> would have to get other infrastructure work done before it (namely, improve
> buildbots). Unless we have, or find, a way to work around it to properly
> sign the 4.0 release.

Thx for the kind words.

Actually, buildbots are only one way of doing this, and not the way you
find in many big companies. In many companies (see Adobe as the example)
the built binaries are delivered to a central signing server, where only
very few people have access. The project guarantees the quality of the
binary being delivered. Please remember that using the buildbot is still
no guarantee against malicious code; a committer could easily insert that
over time. Connecting buildbot and signing would mean allowing many
people to have access to the certificate, which is a risk in itself.

A central signing server has many advantages, but one big disadvantage:
it puts more load on infra, something they are very nervous about.

rgds
jan I.

> Regards,
> Andrea.
