Hello Maxim,
have you seen it? ;-)
Greetings,
Michael
[
https://issues.apache.org/jira/browse/INFRA-3991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mark Thomas resolved INFRA-3991.
--------------------------------
Resolution: Fixed
See for more information
https://blogs.apache.org/infra/entry/code_signing_service_now_available
> Request for code signing certificate
> ------------------------------------
>
> Key: INFRA-3991
> URL: https://issues.apache.org/jira/browse/INFRA-3991
> Project: Infrastructure
> Issue Type: New Feature
> Security Level: public(Regular issues)
> Components: Other/Misc
> Reporter: Scott Deboy
> Assignee: Mark Thomas
>
> The Logging Services project provides a WebStart-deployed Swing application,
> Chainsaw. To deploy Chainsaw via WebStart and take advantage of all of its
> features, the jars that are downloaded must be signed by a code signing
> certificate which has been signed by a trusted root CA.
> It would seem to me it would make sense to have this code signing certificate
> and associated keys managed by the ASF and not be a project-specific
> certificate, so other projects could take advantage of the same resources.
> If you feel it makes more sense to get Logging Services its own code signing
> certificate that is managed by the PMC, I'm fine with that as well - I would
> just like the issue to be resolved.
> I assume if this resource were an ASF-wide resource, the keys and certificate
> would be managed by infra. If so, I'm not sure what workflow infra would
> like to use - maybe a jira issue with release candidate jars and pgp info,
> and signed jars could be added back to the same jira? We don't release
> often, so just let us know what you would like.
> Our needs are relatively simple, and I understand others may have more
> complex needs. PMC members or the RM could manage self-signed certificates
> and 'get by', but I would rather have an official code signing cert provided
> by ASF itself.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
