> > >1. Build auto-update mechanism (Om + Carol) > > release/version.xml is now being generated. You/someone needs to fix > installer.url.win/installer.url.mac in build.properties. > > Awesome! I will get working on the update mechanism. What exactly needs to be done to get the appropriate urls in version.xml? Is that something we can hardcode for now? Of course, the app will still have to resolve the appropriate mirror via closer.cgi.
> > > >3. Signing the binaries the Apache way. I was hoping to learn the > >process, but if Carol can do it for this release, that would be great. In > >any case, I dont have access to a Mac, and I dont think I should be > >signing > >artifacts that I personally did not generate. > > I can do this when it is time. > > Cool. Do you have access to both Windows and Mac machines? You will be able to sign both the binaries, right? > > > >4. The installer app needs to programatically verify the downloaded flex > >binaries' signatures. I have very little experience with crypto > >algorithms. Can someone take this up? Even if someone can explain the > >steps to do this, I can get it done. > > Are you going to check the signature (.asc) or the checksum (.md5)? I'm > sure the later is much easier. > > .md5 it is, then ;-) As I said, I dont know how to go about doing this (yet) I will do some research on this when I get a chance. Thanks, Om
