wohali opened a new issue #3479: URL: https://github.com/apache/couchdb/issues/3479
We now have, through the ASF, access to DigiCert Secure Software Manager. This will let us sign our binaries - Windows `.exes`, Debian `.deb`s, CentOS/RedHat `.rpm`s, etc. But if we use Artifactory, we may be able to sign the `.deb`s and `.rpm`s there, like we used to do with Bintray, see https://www.jfrog.com/confluence/display/JFROG/Artifactory+Security#ArtifactorySecurity-SigningKeysManagement We may want to simply generate a key from DigiCert and use that to sign stuff that we then push into Artifactory. This all needs more investigation, and sadly, must be worked out alongside #3478 for the Linux package managers. 😩 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
