Changes between Version 5 and Version 6 of Signing


Ignore:
Timestamp:
Nov 5, 2015, 11:36:49 AM (8 years ago)
Author:
darkblueb
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • Signing

    v5 v6  
    66'''Anita Graser''' and the '''QGis Team''' are interested in signing binaries
    77
    8 jgarnett  proposed a motion at the Board level (also represents Boundless community outreach); Michael Smith supports; Sanghee Shin, Jorge Sanz supporting
     8'''jgarnett'''  proposed a motion at the Board level (also represents Boundless community outreach); Michael Smith supports; Sanghee Shin, Jorge Sanz supporting
    99
    1010*  http://lists.osgeo.org/pipermail/board/2015-October/013445.html
     
    2121'''nhv''' is observing
    2222
    23 darkblue_b comments:  I believe there are at least several, related topics here.. OSGeo.org Signing binaries in an official capacity; TLS certificates for web sites to enable modern, safe browsing; internal methods to authenticate users and machines within the OSGeo server architecture; SAC Roadmap and implementation of chosen activities; Board indication of priorities, funding, and formal external alliances, both explicit and implicit.
     23darkblue_b comments:  I believe there are at least several, related topics here.. OSGeo.org Signing binaries in an official capacity; TLS certificates for web sites to enable modern, safe browsing; OSGeo SAC internal methods to authenticate users and machines within the OSGeo server architecture; OSGeo SAC Roadmap and implementation of chosen activities; OSGeo Board decisions of priorities, funding, and formal external alliances, both explicit and implicit.
    2424
    25 ''After consultations and some research, I believe OSGeo can use the Debian project method of signing with a GNU PGP key, and put the LocationTech method with a certificate authority as something to be looked into. Generally, I support jgarnett in using money and authoritative signatures for OSGeo projects, but it looks like it is not a requirement to proceed.''
     25''After consultations and some research, I believe OSGeo can use the Debian project method of signing with a GNU PGP key, and put the LocationTech method with a certificate authority as something to be looked into... Generally, I support jgarnett in using money and authoritative signatures for OSGeo projects, but it looks like it is not a requirement to proceed.''
    2626
    2727The following sections attempts to address various sections. ''This document is under construction.''
     
    4242LocationTech says in their handbook
    4343http://www.eclipse.org/projects/handbook/locationtech.html
     44{{{
     45  ...
     46  Signed Artifacts
    4447
    45 Signed Artifacts
    46 
    47 Where technically sensible, all downloadable artifacts should be signed
     48  Where technically sensible, all downloadable artifacts should be signed
    4849<https://wiki.eclipse.org/JAR_Signing>  by an Eclipse Foundation-provided
    4950certificate.
     51}}}
    5052
    5153
     
    8688  I wrote to Peter very shortly after our email exchange, but I have not heard anything back. Basically, I can sum up our inquiry this way:
    8789
    88  
    8990
    9091  * OSGeo.org wants to participate in  Let's Encrypt
     
    152153https://github.com/OldCoder/make-openssl-site/blob/master/make-openssl-site.sh
    153154
     155https://en.wikipedia.org/wiki/Transport_Layer_Security
    154156
    155