On 25 May 2013 18:01, Mechtilde <[email protected]> wrote:

> Hello Jan,
>
> can you give me a short description what we/you need and what are the
> problems with apache infrastructure.
>

I could, but in all fairness jsc and rob have worked with this for over a year, so it would be more fair to have them do it, and I do not want to come "in between".

> I'm not so familiar with the apache infrastructure to understand all
> things of the thread.
>
> Then I will give this information to people who are familiar with
> organisation assurance by Cacert.
>

Thx I hope jsc and/or rob will pick it up.

rgds
jan I.

> Thanks
>
> Mechtilde
>
>
> On 25.05.2013 15:38, janI wrote:
> > On 25 May 2013 15:31, Mechtilde <[email protected]> wrote:
> >
> >> Hello,
> >>
> >> what about an organisation assurance by Cacert.
> >>
> >> At FOSDEM 2013 there are some discussions with people from cacert.
> >>
> >> If you need more information and contacts I will act as an agent.
> >>
> > If you can get some information, I would like to read it, and pass it on
> > to infra.
> >
> > rgds
> > jan I.
> >
> >> Let me know
> >>
> >> Kind regards
> >>
> >> Mechtilde
> >>
> >>
> >> On 25.05.2013 15:22, janI wrote:
> >>> On 25 May 2013 12:04, Andrea Pescetti <[email protected]> wrote:
> >>>
> >>>> Dave Fisher wrote:
> >>>>
> >>>>> The main concern that the ASF has with digitally signing with a
> >>>>> singular apache.org certificate for the whole foundation is keeping
> >>>>> it in strict control. For some this means physical machines. This is
> >>>>> a high bar.
> >>>>> I wonder if the ASF would allow AOO to experiment with an
> >>>>> OpenOffice.org codesigning certificate?
> >>>>>
> >>>>
> >>>> If there is willingness to experiment on this, for sure the OpenOffice
> >>>> project would benefit from it. It is clear what the goal is: it would
> >>>> be beneficial to our users if the Windows and Mac binaries were signed,
> >>>> to avoid potentially confusing security warnings. And it would be very
> >>>> good to have it by version 4.0. And the problem is much more with
> >>>> policy (or, in general, with security/infra concerns) than technology.
> >>>>
> >>>
> >>> Seen with infra eyes the major problem is to find a working procedure
> >>> that is secure, meaning only few people have access to signing, the
> >>> discussions there have been very little on politics
> >>>
> >>>>
> >>>>> We never thought we would get the wildcard certificate, but hey who
> >>>>> knows?
> >>>>>
> >>>>
> >>>> I thought it was hard, but not impossible. But honestly, it also raised
> >>>> fewer concerns than a code-signing certificate.
> >>>>
> >>>> On May 24, 2013, at 2:43 PM, Rob Weir wrote:
> >>>>>
> >>>>>> And I should mention that pushing the code signing side is
> >>>>>> probably premature until we have the build side more solidly
> >>>>>> automated.
> >>>>>>
> >>>>>
> >>>> This has been Infra's approach in the current discussion. For those not
> >>>> following that list: see
> >>>> http://mail-archives.apache.org/mod_mbox/www-infrastructure-dev/
> >>>> (you will see the "code signing" thread appearing in most of the recent
> >>>> months' archives).
> >>>>
> >>>> On Fri, May 24, 2013 at 5:01 PM, janI wrote:
> >>>>>>>
> >>>>>>>> I am sorry I defended our viewpoint, and made this list aware
> >>>>>>>> that there are other projects with similar needs. You just
> >>>>>>>> managed to kill the messenger, next time this issue is
> >>>>>>>> discussed on IRC, I will refer to this thread and keep silent.
> >>>>>>>>
> >>>>>>>
> >>>> No, no need for this. Of course you should discuss options that would
> >>>> be beneficial to the OpenOffice project, and it's well-known that you
> >>>> do get things done, a lot of them. In this case, the ongoing
> >>>> frustration that you see reflected in some messages is due to the fact
> >>>> that the long discussion on infra-dev made it clear, so far, that there
> >>>> are infrastructure requirements that must be satisfied as a
> >>>> prerequisite for code signing.
> >>>>
> >>>> So, while code-signing is the ultimate goal, with the current approach
> >>>> we would have to get other infrastructure work done before it (namely,
> >>>> improve buildbots). Unless we have, or find, a way to work around it to
> >>>> properly sign the 4.0 release.
> >>>>
> >>>
> >>> Thx for the kind words. Actually buildbots is only one way of doing
> >>> this, and not the way you find in many big companies. In many companies
> >>> (see adobe as the example) the built binaries are delivered to a central
> >>> signing server, where only very few people have access. The project
> >>> guarantees for the quality of the binary being delivered, please
> >>> remember using the buildbot is still no guarantee against malicious
> >>> code, a committer could easily insert that over time. Connecting
> >>> buildbot and signing would mean allowing many people having access to
> >>> the certificate, which is a risk in itself.
> >>>
> >>> A central signing server has many advantages, but one big disadvantage
> >>> it puts more load in infra, something they are very nervous about.
> >>>
> >>> rgds
> >>> jan I.
> >>>
> >>>> Regards,
> >>>> Andrea.
