It seems reasonable to me to tack code signing onto the end of CI builds
from the likes of buildbot and Jenkins. You can then restrict your code
signing service to the robots and avoid the pesky problems humans
introduce into the process.
--
Daniel Ruggeri
On 2/25/2016 1:57 PM, Christopher wrote
On Thu, Feb 25, 2016 at 2:10 PM Shane Curcuru wrote:
> Christopher wrote on 2/25/16 1:47 PM:
> > I'm not sure where exactly this discussion should fit, but I know people
> > have brought up questions about ASF-wide signing of artifacts before, so
> > I'll just mention it on this list.
> >
> > Fed
Christopher wrote on 2/25/16 1:47 PM:
> I'm not sure where exactly this discussion should fit, but I know people
> have brought up questions about ASF-wide signing of artifacts before, so
> I'll just mention it on this list.
>
> Fedora infrastructure has built a project called sigul:
> https://fed
I'm not sure where exactly this discussion should fit, but I know people
have brought up questions about ASF-wide signing of artifacts before, so
I'll just mention it on this list.
Fedora infrastructure has built a project called sigul:
https://fedorahosted.org/sigul/
which they use as part of the
