On Mon, Aug 27, 2012 at 8:56 AM, <[email protected]> wrote: > Jim Jagielski <[email protected]> wrote on 08/27/2012 08:43:35 AM: > >> From: Jim Jagielski <[email protected]> >> To: [email protected], Joe Schaefer >> <[email protected]>, Rob Weir <[email protected]>, >> Cc: "[email protected]" <[email protected]> >> Date: 08/27/2012 08:44 AM >> Subject: Re: [VOTE] Apache OpenOffice Community Graduation Vote >> >> >> On Aug 26, 2012, at 10:26 AM, Joe Schaefer <[email protected]> > wrote: >> >> > No. There is NO WAY IN HELL the org can indemnify >> > a volunteer who produces a binary build themselves. >> > >> > Please don't bother asking legal-discuss to tackle this. >> > >> >> Here's an analogy: for a long, long time Bill Rowe has taken >> it upon himself to create binary builds of Apache httpd for >> the large Windows community. Netware binary builds are also >> occasionally released (see http://httpd.apache.org/download.cgi). >> >> These are available right from the official httpd download >> page and located right next to the official source code, >> yet they are artifacts NOT released (officially) by the >> ASF or the httpd PMC, but are available from a "trusted" >> source. >> >> Isn't that all the end-user cares about? And isn't that >> sufficient for AOO? > > Yes, that's what end users care about. But it's not sufficient for AOO > since we are seeking alternative distribution channels. Effort to > exponentially expand distribution channels require code signing. These > discussions were started on legal@ with no resolution. Sorry I don't have > the reference for that handy. >
Can't we just get a signing certificate that says "ASF unofficial convenience binary" or similar language? This gives us (and more importantly our users) the desired authentication and integrity protections of a digital signature, without implying any additional status. -Rob > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
