Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2021/03/29 22:38:23 UTC

[GitHub] [couchdb] wohali opened a new issue #3479: Signing: DigiCert? Artifactory?

wohali opened a new issue #3479:
URL: https://github.com/apache/couchdb/issues/3479


   We now have, through the ASF, access to DigiCert Secure Software Manager.
   
   This will let us sign our binaries - Windows `.exe`s, Debian `.deb`s, CentOS/RedHat `.rpm`s, etc.
   
   But if we use Artifactory, we may be able to sign the `.deb`s and `.rpm`s there, like we used to do with Bintray, see https://www.jfrog.com/confluence/display/JFROG/Artifactory+Security#ArtifactorySecurity-SigningKeysManagement
   
   We may want to simply generate a key from DigiCert and use that to sign stuff that we then push into Artifactory.
   
   This all needs more investigation, and sadly, must be worked out alongside #3478 for the Linux package managers. 😩 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [couchdb] wohali commented on issue #3479: Signing: DigiCert? Artifactory?

Posted by GitBox <gi...@apache.org>.
wohali commented on issue #3479:
URL: https://github.com/apache/couchdb/issues/3479#issuecomment-826975365


   All `.deb` and `.rpm` packages are signed by Artifactory or my personal GPG signing key.
   
   That just leaves Windows binaries to be signed by DigiCert now.

