sure: https://issues.apache.org/jira/browse/INFRA-8438 :)
On 8 October 2014 00:34, <[email protected]> wrote: > Hello Maxim, > > have you seen it? ;-) > > Greetings, > Michael > > [ > > https://issues.apache.org/jira/browse/INFRA-3991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel > ] > > Mark Thomas resolved INFRA-3991. > -------------------------------- > Resolution: Fixed > > See for more information > https://blogs.apache.org/infra/entry/code_signing_service_now_available > > > Request for code signing certificate > > ------------------------------------ > > > > Key: INFRA-3991 > > URL: https://issues.apache.org/jira/browse/INFRA-3991 > > Project: Infrastructure > > Issue Type: New Feature > > Security Level: public(Regular issues) > > Components: Other/Misc > > Reporter: Scott Deboy > > Assignee: Mark Thomas > > > > The Logging Services project provides a WebStart-deployed Swing > application, Chainsaw. To deploy Chainsaw via WebStart and take advantage > of all of its features, the jars that are downloaded must be signed by a > code signing certificate which has been signed by a trusted root CA. > > It would seem to me it would make sense to have this code signing > certificate and associated keys managed by the ASF and not be a > project-specific certificate, so other projects could take advantage of the > same resources. If you feel it makes more sense to get Logging Services > its own code signing certificate that is managed by the PMC, I'm fine with > that as well - I would just like the issue to be resolved. > > I assume if this resource were an ASF-wide resource, the keys and > certificate would be managed by infra. If so, I'm not sure what workflow > infra would like to use - maybe a jira issue with release candidate jars > and pgp info, and signed jars could be added back to the same jira? We > don't release often, so just let us know what you would like. > > Our needs are relatively simple, and I understand others may have more > complex needs. PMC members or the RM could manage self-signed certificates > and 'get by', but I would rather have an official code signing cert > provided by ASF itself. > > > > -- > This message was sent by Atlassian JIRA > (v6.3.4#6332) > > > -- WBR Maxim aka solomax
