build.geoserver.org code signing permission

[jive]

This is a request for the SAC to use the osgeo code signing certificate on a new machine - build.geoserver.org.

Larry Shaffer is in posession of this certificate and currently signs QGIS and GeoServer builds on his own machine. Now that build.geoserver.org is operational he requests permission to use this code signing certificate on build.geoserver.org.

Larry is very security aware and would like permission, formally, from OSGeo System Administration Committee before configuring build.geoserver.org with this certificate.

Access to this machine is limited to one boundless system administrator and members of the GeoServer PSC.

[warmerdam]

As an OSGeo Emeritus person I grant provisional permission to Larry to use this certificate for signing things via build.geoserver.org.

I'd like to suggest that we maintain a wiki page within the SAC Trac wiki to keep track of who has the certificate and for what purposes it is being used. This would then be added to it.

(by way of clarification, I understand this allows signing of binaries *as* OSGeo so caution in use and distribution of the certificate is important). Some notes on cert in ​https://wiki.osgeo.org/wiki/Board_Meeting_2015-10-15

[jive]

This certificate was purchased by the board ​https://wiki.osgeo.org/wiki/Board_Meeting_2015-10-15

Its management is given over to the system administrator committee; currently only Michael Smith (osgeo treasurer) and Larry Shaffer (qgis builds) is in possession of the certificate.

[warmerdam]

We (SAC) should also keep a copy of the certificate somewhere secure (like /root on {ldap,secure}.osgeo.org)

[jef]

And me. I signed the OSGeo4W installer with it.

[jive]

This windows build server is no longer available.