> Dave:
>
> > Is it possible to derive these p12 files from KEYS? I think it is likely,
> > if so we have a path to signing of these artifacts by project release
> > managers
>
> I will investigate this approach. I have limited knowledge about this,
> but I believe that OpenSSL might help us here. Will let you know soon.

Dave,

I tried this using gnupg and openssl without any luck. Unless someone knows how to do it, I have hit a dead end.

Erik and I have come up with this proposal to move forward. Please let us know your thoughts/suggestions.

For the binary releases:

* Erik de Bruin and I are the release managers for this tool
* We will create a new .p12 with a secure password. We will NOT check the .p12 file in to SVN.
* I will create the Windows release on my machine using the .p12 file to sign the AIR app
* I will securely email the .p12 file and the password (in separate emails) to Erik de Bruin
* Erik creates the Mac release using the same .p12 file
* Erik and I sign the respective releases using our PGP keys in the Apache Way.

For the source release:

* I will create a compressed file with the source code and sign it with my PGP key

Are we missing something?

Thanks,
Om