This is good idea. +1 -- ,,,^..^,,,
On Tue, Oct 7, 2014 at 3:00 AM, Joan Touzet <[email protected]> wrote: > Presented with no bias on my part, but it showed up in my inbox: > > https://blogs.apache.org/infra/entry/code_signing_service_now_available > > Do we care to use something like this for our Windows binary builds? > Or are we happy enough to just publish a Windows binary with a checksum? > I can see the advantage in signing Windows binaries here. > > If we add Java or Android components in the future, this could extend to > signing those binaries as well. I am sufficiently naive about those > environments to not know whether there exist better, freer, more open > alternatives that would suffice. > > What is the process for signing things that end up in the OSX App Store? > Would we want to try and get CouchDB in there, or just stick with brew? > > -Joan
