I've just completed the 8.0.14 release using the new code signing service. I'll call the vote shortly.
I've also back-ported the change to 7.0.x to pick up the signed versions of Commons Daemon 1.0.15. I think we should sign the 7.0.x releases as well but I am leaning towards doing this manually this time and back-porting the changes to do this as part of the build script for next release. Thoughts? On a related note, the Windows uninstaller is not currently signed. The issue is that NSIS writes it directly to the installer for later extraction as part of the install process. To sign it we need to be able to: - get NSIS to write it to disk - call the signing service (easy) - get NSIS to write it - as the uninstaller - to the installer archive The downside is that we'll have to sign the uninstaller and the installer separately. That means two signing events per release rather than one. The ASF has a fixed number of signing events and we have to pay if we want more. I'm sure we'll have enough for 2 per Tomcat release but just something to keep in mind. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
