On Wed, Oct 5, 2011 at 12:27 AM, Scott Deboy <scott.de...@gmail.com> wrote:
> There are a number of people looking for resolution on the code signing cert
> question (Eclipse plugins, maven artifacts, etc).  I'll file a Jira issue.
> Our case is relatively straightforward - hopefully infra can automate it so
> we can send them binaries/drop binaries into a folder, along with a link to
> the vote and pgp signing info and they can sign the artifacts.  We shall
> see.

Sounds excellent. Yesterday I asked at the IRC channel, but no response.
Can you proceed with the downloadable release while the Webstart
"release" is postponed?

Christian


>
> Scott
>
> On Tue, Oct 4, 2011 at 10:51 AM, Christian Grobmeier <grobme...@gmail.com>
> wrote:
>>
>> OK understood.
>>
>> Not sure where to ask, but maybe infra has an idea if such a thing
>> exists. If not, we might ask the board if we can buy something like
>> that
>>
>> On Tue, Oct 4, 2011 at 7:44 PM, Scott Deboy <scott.de...@gmail.com> wrote:
>> > We need a code signing certificate that is trusted by a root cert auth,
>> > and
>> > use that cert to sign the jars - I would prefer the ASF handle this.
>> >
>> > See
>> >
>> > http://download.oracle.com/javase/6/docs/technotes/guides/javaws/developersguide/faq.html
>> >
>> > Scott
>> >
>> >
>> > On Tue, Oct 4, 2011 at 10:32 AM, Christian Grobmeier
>> > <grobme...@gmail.com>
>> > wrote:
>> >>
>> >> > http://logging.apache.org/chainsaw/download.html - by clicking on the
>> >> > 'Java
>> >> > Web Start' link, Chainsaw will download, install and run..
>> >> >
>> >> > To update the version of Chainsaw we provide via Web Start, we need
>> >> > to
>> >> > sign
>> >> > the jars, since Chainsaw writes to the local file system, can
>> >> > initiate
>> >> > socket connections, etc, and Web Start only allows that if the jars
>> >> > are
>> >> > signed and the person oks the access..It seems Apache should have a
>> >> > cert
>> >> > for
>> >> > signing jars, instead of having to do this ourselves..
>> >>
>> >> Is any pgp key fine to sign or should it be one with a trusted
>> >> identity, like "this software was developed by the ASF" and so on?
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: log4j-dev-unsubscr...@logging.apache.org
>> >> For additional commands, e-mail: log4j-dev-h...@logging.apache.org
>> >>
>> >
>> >
>>
>>
>>
>> --
>> http://www.grobmeier.de
>>
>>
>
>



-- 
http://www.grobmeier.de
