On 26 May 2013 09:53, Mechtilde <[email protected]> wrote: > Hello Andrea, > > Am 26.05.2013 00:07, schrieb Andrea Pescetti: > > janI wrote: > >> in all fairness jsc and rob have worked with this for over a > >> year, so it would be more fair to have them do it, and I do not want to > >> come "in between". > > > > This is a good summary written by Juergen: > > http://wiki.apache.org/general/ASFCodeSigning > > > > Note that at FOSDEM we were (inconclusively) discussing with Cacert an > > SSL certificate (to be used for serving HTTPS traffic), not a > > code-signing certificate (to be used for signing released files). > > This can be done with the same Certificat. >
Technically it could be the same certificate but SSL certificates are handled by infra, and codesigning might be (still a discussion) be handled by the projects, making it impractical and less secure to have a single certificate. Work on the SSL certificate is ongoing. Code signing certificate seems to be a longer discussion, where the technical part is the least of the discussion. rgds jan I. > > Kind regards > > Mechtilde > > > > Regards, > > Andrea. > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > >
