Dave,
> It is certainly reasonable for multiple people to have their signing key
> within the project's KEYS file. Releases may be signed by anyone on that
> key.
>
That's good to know!
>
> Is it possible to derive these p12 files from KEYS? I think it is likely,
> if so we have a path to signi
It's usually not feasible for the group responsible for signing binaries to
also build the binary. It should be secure enough to scp the bits somewhere
along with a sha/md5 checksum file.
On Aug 16, 2012, at 3:13 PM, Om wrote:
> I agree with Carol. When a release manager signs a binary, they
On Aug 16, 2012, at 3:13 PM, Om wrote:
> On Thu, Aug 16, 2012 at 1:32 PM, Alex Harui wrote:
>
>>
>>
>>
>> On 8/16/12 1:07 PM, "Carol Frampton" wrote:
>>
>>
>
I understand the installer needs a Mac binary and a Win binary, but
>> since
they are not official releases, I don't
On Thu, Aug 16, 2012 at 1:32 PM, Alex Harui wrote:
>
>
>
> On 8/16/12 1:07 PM, "Carol Frampton" wrote:
>
>
> >>>
> >> I understand the installer needs a Mac binary and a Win binary, but
> since
> >> they are not official releases, I don't see why the release manager
> can't
> >> ask someone else
