amoeba commented on PR #48934: URL: https://github.com/apache/arrow/pull/48934#issuecomment-3812990738
Hey @alinaliBQ, Re: > Does the ODBC MSI installer require Windows Authenticode signature for an official release? While all artifacts must be signed, I'm not sure that level of code signing is strictly _required_ for a release. That said, I think it would be best to take the extra steps to sign the installer so it shows up as trusted by Windows. ASF Infra provides projects access to their DigiCert cert and has a help page for it: https://infra.apache.org/digicert-use.html. So for the Arrow project to sign those, I think one of us PMC members would need to go through that process and would also need to manually build and sign the MSI as part of the release process. @raulcd @kou does that sound doable to have a manual step like that? I could go through the ASF process and do the signing. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
