On Tue, Jun 12, 2012 at 06:57:45AM -0600, Warren Young wrote: >On 6/9/2012 9:57 AM, Christopher Faylor wrote: >>and I'm really not willing to burden cygwin.com with the cycles >>necessary to unpack tarballs at cygwin.com to sign them. > >Based on the traffic I see to cygwin-apps, my sense is that this would >amount to single-digit CPU-minutes per day, once you get through the >initial conversion. That can be nice'd to the point that it takes a >month; this doesn't have to be a Big Bang conversion. > >I think a much bigger problem is getting a Linux toolchain set up on >the main package repo server that can sign these executables. My >Google-fu says the GNU tools have no idea how to do this today. > >Then someone has to spend at least a few hours writing and testing the >script to do all this. It might take a person-day.
If you are working under the misapprehension that I don't understand what's required to get this to work, I can assure you that you're wrong. >Red Hat might not have to buy a code signing cert for this. They might >already have one that will work: http://goo.gl/5Hm3C The Cygwin project is not Red Hat. It wouldn't be "Red Hat" buying anything. cgf -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
