BUILDS: Provide digital signing on installation kits
----------------------------------------------------
Key: CORE-5996
URL: http://tracker.firebirdsql.org/browse/CORE-5996
Project: Firebird Core
Issue Type: New Feature
Components: Build Issues / Porting
Affects Versions: 4.0 Beta 1, 2.5.9, 3.0.5
Environment: All platforms
Reporter: Helen Borrie
John Frankland in firebird-devel and several other forums:
> What is the practice regarding digital signing of Firebird executables and
> installers etc.?
> Some releases have been signed with a "Firebird Inc" certificate in the past
> but it seems signing is not always done.
> Can signing be adopted as a policy?
Alex Peshkov in firebird-devel:
It's really funny. Sha256 checksums are provided for snapshot builds but not
for releases.
Sean Leyne in firebird-devel:
SHA hashes are fine to validate downloads, but they are not the same as signing
the install kits/executable.
Windows has increasingly made it difficult to install and/or run non-signed
kits/executables.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
