On 6/9/2012 9:57 AM, Christopher Faylor wrote:
and I'm really not willing to burden cygwin.com with the cycles necessary to unpack tarballs at cygwin.com to sign them.
Based on the traffic I see to cygwin-apps, my sense is that this would amount to single-digit CPU-minutes per day, once you get through the initial conversion. That can be nice'd to the point that it takes a month; this doesn't have to be a Big Bang conversion.
I think a much bigger problem is getting a Linux toolchain set up on the main package repo server that can sign these executables. My Google-fu says the GNU tools have no idea how to do this today.
Then someone has to spend at least a few hours writing and testing the script to do all this. It might take a person-day.
Red Hat might not have to buy a code signing cert for this. They might already have one that will work: http://goo.gl/5Hm3C
-- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
