great! ;-) Michael
Am 07.10.14 um 20:07 schrieb Maxim Solodovnik: > sure: https://issues.apache.org/jira/browse/INFRA-8438 :) > > On 8 October 2014 00:34, <[email protected]> wrote: > >> Hello Maxim, >> >> have you seen it? ;-) >> >> Greetings, >> Michael >> >> [ >> >> https://issues.apache.org/jira/browse/INFRA-3991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel >> ] >> >> Mark Thomas resolved INFRA-3991. >> -------------------------------- >> Resolution: Fixed >> >> See for more information >> https://blogs.apache.org/infra/entry/code_signing_service_now_available >> >>> Request for code signing certificate >>> ------------------------------------ >>> >>> Key: INFRA-3991 >>> URL: https://issues.apache.org/jira/browse/INFRA-3991 >>> Project: Infrastructure >>> Issue Type: New Feature >>> Security Level: public(Regular issues) >>> Components: Other/Misc >>> Reporter: Scott Deboy >>> Assignee: Mark Thomas >>> >>> The Logging Services project provides a WebStart-deployed Swing >> application, Chainsaw. To deploy Chainsaw via WebStart and take advantage >> of all of its features, the jars that are downloaded must be signed by a >> code signing certificate which has been signed by a trusted root CA. >>> It would seem to me it would make sense to have this code signing >> certificate and associated keys managed by the ASF and not be a >> project-specific certificate, so other projects could take advantage of the >> same resources. If you feel it makes more sense to get Logging Services >> its own code signing certificate that is managed by the PMC, I'm fine with >> that as well - I would just like the issue to be resolved. >>> I assume if this resource were an ASF-wide resource, the keys and >> certificate would be managed by infra. If so, I'm not sure what workflow >> infra would like to use - maybe a jira issue with release candidate jars >> and pgp info, and signed jars could be added back to the same jira? We >> don't release often, so just let us know what you would like. >>> Our needs are relatively simple, and I understand others may have more >> complex needs. PMC members or the RM could manage self-signed certificates >> and 'get by', but I would rather have an official code signing cert >> provided by ASF itself. >> >> >> >> -- >> This message was sent by Atlassian JIRA >> (v6.3.4#6332) >> >> >> > >
