Hi Om, Sorry for the delay I've been busy with work and Apache OpenOffice (incubating).
(1) I think that we need to get confirmation that a .p12 signed release is ok with legal-discuss@. That it is a permissible for a convenience binary. I think that is likely and I'll look into it tomorrow. (2) We probably need to have a release VOTE for the source code making up the InstallApacheFlex package, but I'm not completely sure. Perhaps Bertrand can answer that question. Regards, Dave On Aug 27, 2012, at 5:48 PM, Om wrote: > Hi, > > Can one of the mentors please respond? I was hoping to make a release of > InstallApacheFlex soon. > > Thanks, > Om > > On Mon, Aug 27, 2012 at 12:51 AM, Om <bigosma...@gmail.com> wrote: > >> >> Dave: >>> >>> >> >>> Is it possible to derive these p12 files from KEYS? I think it is likely, >>>> if so we have a path to signing of these artifacts by project release >>>> managers >>>> >>> >>> I will investigate this approach. I have limited knowledge about this, >>> but I believe that OpenSSL might help us here. Will let you know soon. >>> >>> >> >> Dave, >> >> I tried this using gnupg and openssl without any luck. Unless someone >> knows how to do it, I have hit a dead end. >> >> Erik and I have come up with this proposal to move forward. Please let us >> know your thoughts/suggestions. >> >> For the binary releases: >> * Erik de Bruin and I are the release managers for this tool >> * We will create a new .p12 with a secure password. We will NOT not check >> the .p12 file in to SVN. >> * I will create the Windows release on my machine using the .p12 file to >> sign the AIR app >> * I will securely email the .p12 file and the password (in separate >> emails) to Erik de Bruin >> * Erik creates the Mac release using the same .p12 file >> * Erik and I sign the respective releases using our PGP keys in the Apache >> Way. >> >> For the source release: >> * I will create a compressed file with the source code and sign it with >> my PGP key >> >> Are we missing something? >> >> Thanks, >> Om >>