On 7/1/2011 9:47 AM, Rick Merrill wrote:
Justin Wood (Callek) wrote:
Rick Merrill wrote:
Ok, stupid question du jour: why doesn't the
SeaMonkey 2.1 installer have "a valid digital signature"?
Sadly we do not yet possess the ability to digitally sign our
installer. It needs a
few things to accomplish.
1) a machine much more secure than our current machines, and dedicated
to just signing.
2) a digital certificate to use for signing, from a valid certificate
authority.
We have neither of those at this time, we do hope to be in a position
to get those.
But until then all our release builds are unsigned.
Sounds like a finance problem, so what is your business model?
In this particular case slightly finance, slightly human resource. We
are merely a group of community members without *any* business model atm.
Our hosting and servers are all technically owned by The Mozilla
Foundation at the moment.
As I said, we do intend to change these limitations, but its unclear
when/how we will at this point. One option could certainly entail paying
out of pocket for the hardware/cert. But either way it involves having
the necessary human resources to get it done -- first. Because without
that, investing money on it on our own, out of pocket, is not tenable.
There are rough options barely explored as well, we'll share more when
we learn more.
--
~Justin Wood (Callek)
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
