On Mon, Aug 27, 2012 at 8:56 AM, <donald_harbi...@us.ibm.com> wrote: > Jim Jagielski <j...@jagunet.com> wrote on 08/27/2012 08:43:35 AM: > >> From: Jim Jagielski <j...@jagunet.com> >> To: general@incubator.apache.org, Joe Schaefer >> <joe_schae...@yahoo.com>, Rob Weir <robw...@apache.org>, >> Cc: "ooo-...@incubator.apache.org" <ooo-...@incubator.apache.org> >> Date: 08/27/2012 08:44 AM >> Subject: Re: [VOTE] Apache OpenOffice Community Graduation Vote >> >> >> On Aug 26, 2012, at 10:26 AM, Joe Schaefer <joe_schae...@yahoo.com> > wrote: >> >> > No. There is NO WAY IN HELL the org can indemnify >> > a volunteer who produces a binary build themselves. >> > >> > Please don't bother asking legal-discuss to tackle this. >> > >> >> Here's an analogy: for a long, long time Bill Rowe has taken >> it upon himself to create binary builds of Apache httpd for >> the large Windows community. Netware binary builds are also >> occasionally released (see http://httpd.apache.org/download.cgi). >> >> These are available right from the official httpd download >> page and located right next to the official source code, >> yet they are artifacts NOT released (officially) by the >> ASF or the httpd PMC, but are available from a "trusted" >> source. >> >> Isn't that all the end-user cares about? And isn't that >> sufficient for AOO? > > Yes, that's what end users care about. But it's not sufficient for AOO > since we are seeking alternative distribution channels. Effort to > exponentially expand distribution channels require code signing. These > discussions were started on legal@ with no resolution. Sorry I don't have > the reference for that handy. >
Can't we just get a signing certificate that says "ASF unofficial convenience binary" or similar language? This gives us (and more importantly our users) the desired authentication and integrity protections of a digital signature, without implying any additional status. -Rob > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> For additional commands, e-mail: general-h...@incubator.apache.org >> --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
