Digital signing: an upcoming service for all Apache projects

SLIDE 1

Digital signing

Digital signing, an upcoming service for all Apache projects

Target of project:

  • Use Symantec as provider
  • Infra-root as “Enterprise Service Provider”
  • PMC as “Software Publishers”
  • Provide signing for Microsoft

SLIDE 2

jani

  • About the speaker

    – '75 - made first program (basic)
    – '81 - programmed Wordprocessors
    – '82 - free cross compiler (basic → C)
    – '86 - free tcp/ip driver embedded unix
    – '96 - country wide wan monitoring
    – '02 - DB server (400.000 power meters)
    – '12 - joined ASF, focus on “payback”
    – '13 - committer/PMC AOO and Infra

SLIDE 3

Digital signing

Why care?

  • Prevent repackaging with adware/malware
  • Install without warning on Windows 8
  • Use Java JRE 7 without problems
  • Show ASF is just as professional as paid-for software

    – Software businesses claim

  • Open software is insecure
  • Trust costs money

SLIDE 4

Digital signing

Why not Apple?

  • Only signing against Apple certificate
  • Only distribution through iTunes

    – No other channels allowed

  • Process is different from others
  • Symantec does not support Apple signing

SLIDE 5

Digital signing

Status

  • Infra engaged with Symantec in a test

    – Tomcat is primary project

  • Simple requirements

    – AOO is expected as second project

  • “doing AOO, covers any other project”
  • Symantec

    – Provides test platform (and later prod)
    – Consultant time

SLIDE 6

Digital signing

Current project team

  • pctony, covering infrastructure

    – general setup

  • markt, covering Tomcat and infrastructure

    – Specialist
    – Tomcat is a simple good start

  • jani, covering AOO and infrastructure

    – AOO contains everything

SLIDE 7

Digital signing

AOO status

  • A build flow has been designed and tested

    – Impact on trunk is very limited
    – Impact on release manager is high

  • Need a project team to implement and test
  • Branches with major build changes:

    – Capstone, prepared
    – Build R.I.P. (part of l10n40), prepared
    – Rejuvenate01, waiting

SLIDE 8

Digital signing

Workflow

  • Develop → build all → Test
  • Sign all generated artifacts (dll, jar, exe)

    – directly in solver directory

  • Rebuild from instsetoo_native
  • Sign final install file
  • Vote on release
  • Follow same step for all languages
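
A check a release manager could run after the "sign all generated artifacts" step and before the rebuild, added here as an example and not taken from the slides or from any Apache build script. It walks a build output directory and lists every dll, exe and jar that carries no embedded signature (PE Certificate Table entry, or JAR `.SF` plus signature block file); it detects presence only and does not validate the signature. All function names and the `sample_pe` test input are constructed for illustration.

```python
import struct
import zipfile
from pathlib import Path

SIGNABLE = {".dll", ".exe", ".jar"}  # artifact types named on the Workflow slide

def pe_has_signature(data):
    """True if the PE Certificate Table (data directory 4) is non-empty."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    opt = pe_off + 24  # optional header: after 4-byte "PE\0\0" + 20-byte COFF header
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < opt + 2:
        return False
    (magic,) = struct.unpack_from("<H", data, opt)
    dirs = {0x10B: 96, 0x20B: 112}.get(magic)  # data directory offset: PE32 / PE32+
    if dirs is None or len(data) < opt + dirs + 5 * 8:
        return False
    (count,) = struct.unpack_from("<I", data, opt + dirs - 4)  # NumberOfRvaAndSizes
    offset, size = struct.unpack_from("<II", data, opt + dirs + 4 * 8)
    return count > 4 and offset != 0 and size != 0

def jar_has_signature(path):
    """True if the JAR has a signature file plus a signature block file."""
    with zipfile.ZipFile(path) as jar:
        meta = [n.upper() for n in jar.namelist() if n.upper().startswith("META-INF/")]
    return (any(n.endswith(".SF") for n in meta)
            and any(n.endswith((".RSA", ".DSA", ".EC")) for n in meta))

def unsigned_artifacts(root):
    """Relative paths of dll/exe/jar files under root that carry no signature."""
    missing = []
    for path in sorted(Path(root).rglob("*")):
        ext = path.suffix.lower()
        if path.is_file() and ext in SIGNABLE and not (
                jar_has_signature(path) if ext == ".jar" else pe_has_signature(path.read_bytes())):
            missing.append(path.relative_to(root).as_posix())
    return missing

def sample_pe(signed):
    """Constructed minimal PE32 header for exercising the check (not loadable)."""
    buf = bytearray(312)                        # DOS header + COFF + PE32 optional header
    buf[:2], buf[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, 0x40)     # e_lfanew
    struct.pack_into("<H", buf, 0x58, 0x10B)    # optional header magic: PE32
    struct.pack_into("<I", buf, 0x58 + 92, 16)  # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", buf, 0x58 + 128, 312, 8)  # Certificate Table entry
    return bytes(buf)
```

An empty list from `unsigned_artifacts()` means every signable file has a signature present; verifying the certificate chain still needs the platform tools.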