On Mon, Apr 30, 2012 at 4:53 AM, Jürgen Schmidt <[email protected]> wrote: > On 4/28/12 1:40 AM, Rob Weir wrote: >> >> On Fri, Apr 27, 2012 at 10:41 AM, Rob Weir<[email protected]> wrote: >>> >>> >>> https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+3.4+Distribution+Tasks >>> >>> Please review this task list and see if anything is missing. It >>> would be great to confirm that this list is complete and to have a >>> volunteer's name listed against each one of these tasks. >>> >> >> I added a new task, now #2. Once we have the final files approved we >> should "whitelist' them with Symantec, so users will get fewer >> false-hits from anti-virus. >> >> https://submit.symantec.com/whitelist/isv/new/ >> >> Among the information they need is URL and SHA256 hash. It looks like >> each language will need to be submitted separately. > > > Ok we have currently sha1 and sha512 checksums, should we skip one of them > in favor of sha256? >
Maybe we can simplify this in future release, but in this case we did vote on a release with sha1 and sha512, so I think we need to keep those. And in the future we probably solve this with code signing. But for 3.4 Symantec allows us to provide a sha256 instead of code signing. This signature does not need to be in the distribution. It is only uploaded to Symantec on their "whitelisting" form. I don't know if it matters, but they recommend using this tool: http://technet.microsoft.com/en-us/sysinternals/bb897441.aspx -Rob > > I'm assuming only >> >> Windows. Or is Symantec used on MacOS as well? > > > Symantec is used on Mac as well > > Juergen > > >> >> -Rob >> >>> Note the additional complexity caused by having hard-coded download >>> logic on the various NL pages. >>> >>> -Rob > >
