You asked somewhere how you sign your app in the Apache way. The process is somewhat documented here [1].
The rough steps you need to follow are: 1) Create a key. 2) Make sure the public part of your key is on one of the public servers. 3) Add your key to https://svn.apache.org/repos/asf/incubator/flex/trunk/KEYS. 4) Ideally your key would be signed by others so it is linked into the Apache web of trust. Mine is not. 5) Use the script sign_and_hash.sh which I just added to a new build subdirectory to sign your artifacts. Read the header of the scripts for instructions. You will need your private key. Or, when you're ready, I can sign it. [1] http://www.apache.org/dev/release-signing.html Carol On 7/16/12 7 :19PM, "Om" <bigosma...@gmail.com> wrote: >(Carol/Alex, please free to jump in as well) > >This page http://people.apache.org/~bigosmallm/installapacheflex/ lets you >download a binary file. >For this discussion, the InstallApacheFlex AIR app = 'Installer' > >1. Should the installer be signed in the same way as the Apache Flex SDK >binary is signed? The process for signing AIR apps is described here >[1<http://livedocs.adobe.com/flex/3/html/help.html?content=distributing_ap >ps_4.html>] >How do we do this in the Apache way? > >2. The installer downloads the binary distribution of the Apache Flex >sdk. Should the installer programatically verify the downloaded binary >file's signature before uncompressing it? > >3. I see that mirrors are preferred over downloading directly from Apache >servers. Is there a standard list of mirror locations that I can access >from somewhere? I think I will need to modify the installer to >dynamically >select a mirror for downloading from, right? > >[1] >http://livedocs.adobe.com/flex/3/html/help.html?content=distributing_apps_ >4.html > >Thanks, >Om
