Ant wrote: > Just curious. Why no code-signed releases? Is it because SeaMonkey is > not an official Mozilla product like Firefox and Thunderbird?
That was the primary reason up until this year, due to no legal entity officially responsible for SeaMonkey, and with my non-employee status it was hard to coerce legal/magic to get us a code-signing cert. Within the last month or so, we *finally* have a code signing cert, which is in my possession. As an employee of Mozilla Corp now, we were able to shortcut one of the current legal hurdles while we try and prove that Signing works, reliably, and get stuff handled. Once that is done we can work on other legal aspects, as in who has access to the cert (besides me -- if anyone), if [and where] we can host a signing machine (like MoCo has for their infra) etc., right now it will be up to me. I was working this weekend on the ability to sign, as it is. We're not quite ready yet, but as soon as we are I'll publish a call-for-help/testing on signed binaries, (separately from the real release at first) Basic Things I'll need to test with this, include: * Does English and at least 1 other locale have signed files properly? [both installer and after-installed] * Does updates from unsigned->signed work correctly * Does updates from signed->signed work correctly Part of this is also getting Mac binaries signed with an Apple keychain. -- I have the key for that, but no knowledge on how/what to do yet [I have docs, but I'm focusing on Authenticode/Windows signing right now -- one hurdle at a time] - No hard ETA on any of it yet. -- ~Justin Wood (Callek) _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
