On 8/16/12 1:07 PM, "Carol Frampton" wrote:
>>>
>> I understand the installer needs a Mac binary and a Win binary, but since
>> they are not official releases, I don't see why the release manager can't
>> ask someone else to build a package for them.
>
> I would think the release manager sh
On 8/16/12 3 :32PM, "Alex Harui" wrote:
>
>
>
>On 8/16/12 10:19 AM, "Carol Frampton" wrote:
>
>>
>>
>> On 8/16/12 12 :38PM, "Alex Harui" wrote:
>>
>>>
>>>
>>>
>>> On 8/16/12 6:11 AM, "Carol Frampton" wrote:
>>>
>>>
This is not the topic of this thread but I think the relea
On 8/16/12 10:19 AM, "Carol Frampton" wrote:
>
>
> On 8/16/12 12 :38PM, "Alex Harui" wrote:
>
>>
>>
>>
>> On 8/16/12 6:11 AM, "Carol Frampton" wrote:
>>
>>
>>>
>>> This is not the topic of this thread but I think the release manager has
>>> to be able to produce both packages.
>>>
On 8/16/12 12 :38PM, "Alex Harui" wrote:
>
>
>
>On 8/16/12 6:11 AM, "Carol Frampton" wrote:
>
>
>>
>> This is not the topic of this thread but I think the release manager has
>> to be able to produce both packages.
>>
>> Carol
>>
>Interesting issue. Theoretically we only release source so I
On 8/16/12 6:11 AM, "Carol Frampton" wrote:
>
> This is not the topic of this thread but I think the release manager has
> to be able to produce both packages.
>
> Carol
>
Interesting issue. Theoretically we only release source so I don't see how
you would need something platform specific.
On 8/15/12 7 :30PM, "Om" wrote:
>So how does this sound:
>
>
> - We don't keep the .p12 file in the repo.
> - We ask developers who want to work with the source code to generate a
> .p12 file (using FB or similar tools) for themselves
> - They should not check it in (add *.p12 to svn ig
On Thu, Aug 16, 2012 at 2:43 AM, Clint Modien wrote:
> ...strange that Apache doesn't have a code signing process in place already…
> seems like a pretty common requirement
See http://www.apache.org/dev/release-signing for how releases are signed.
You're right that the ASF doesn't currently
Sounds good… strange that Apache doesn't have a code signing process in place
already… seems like a pretty common requirement.
On Aug 15, 2012, at 4:30 PM, Om wrote:
> So how does this sound:
>
>
> - We don't keep the .p12 file in the repo.
> - We ask developers who want to work with the s
So how does this sound:
- We don't keep the .p12 file in the repo.
- We ask developers who want to work with the source code to generate a
.p12 file (using FB or similar tools) for themselves
- They should not check it in (add *.p12 to svn ignore?)
- The release managers would crea
Anyone could sign code with the cert if they know/crack the password for the
private key.
I would keep all certs out of the repo in the interest of security and keep
them in a safe place and only grant access to people who create distribution
packages.
If you're doing dev… you can generate you
An air app must be signed with the same cert or it won't install/update unless
you change the app id.
On Aug 15, 2012, at 1:27 PM, Alex Harui wrote:
> Isn't the P12 file made out to some individual like Om? If so, it should
> not be in the repo or distro and one of the steps to building is for
On Aug 15, 2012, at 1:27 PM, Alex Harui wrote:
>
>
>
> On 8/15/12 1:14 PM, "Carol Frampton" wrote:
>
>> I think the question to be asked is can we keep certificate.p12 in the
>> repository and not put it in the source distro?
>>
>> Carol
>>
> Isn't the P12 file made out to some individual
On 8/15/12 1:14 PM, "Carol Frampton" wrote:
> I think the question to be asked is can we keep certificate.p12 in the
> repository and not put it in the source distro?
>
> Carol
>
Isn't the P12 file made out to some individual like Om? If so, it should
not be in the repo or distro and one of
On 8/15/12 4 :05PM, "Om" wrote:
>>
>> I fixed all the issues identified by the RAT check except
>>certificate.p12.
>> That's a binary file and I don't think it can go in the source
>> distribution.
>>
>> I'll leave that to Om and/or Erik to figure out.
>>
>>
>It makes sense for any developer w
>
> I fixed all the issues identified by the RAT check except certificate.p12.
> That's a binary file and I don't think it can go in the source
> distribution.
>
> I'll leave that to Om and/or Erik to figure out.
>
>
It makes sense for any developer who wants to work on it to create their
own cert
15 matches
Mail list logo
