Changes between Version 5 and Version 6 of Signing
- Timestamp:
- Nov 5, 2015, 11:36:49 AM (8 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Signing
v5 v6 6 6 '''Anita Graser''' and the '''QGis Team''' are interested in signing binaries 7 7 8 jgarnettproposed a motion at the Board level (also represents Boundless community outreach); Michael Smith supports; Sanghee Shin, Jorge Sanz supporting8 '''jgarnett''' proposed a motion at the Board level (also represents Boundless community outreach); Michael Smith supports; Sanghee Shin, Jorge Sanz supporting 9 9 10 10 * http://lists.osgeo.org/pipermail/board/2015-October/013445.html … … 21 21 '''nhv''' is observing 22 22 23 darkblue_b comments: I believe there are at least several, related topics here.. OSGeo.org Signing binaries in an official capacity; TLS certificates for web sites to enable modern, safe browsing; internal methods to authenticate users and machines within the OSGeo server architecture; SAC Roadmap and implementation of chosen activities; Board indicationof priorities, funding, and formal external alliances, both explicit and implicit.23 darkblue_b comments: I believe there are at least several, related topics here.. OSGeo.org Signing binaries in an official capacity; TLS certificates for web sites to enable modern, safe browsing; OSGeo SAC internal methods to authenticate users and machines within the OSGeo server architecture; OSGeo SAC Roadmap and implementation of chosen activities; OSGeo Board decisions of priorities, funding, and formal external alliances, both explicit and implicit. 24 24 25 ''After consultations and some research, I believe OSGeo can use the Debian project method of signing with a GNU PGP key, and put the LocationTech method with a certificate authority as something to be looked into. Generally, I support jgarnett in using money and authoritative signatures for OSGeo projects, but it looks like it is not a requirement to proceed.''25 ''After consultations and some research, I believe OSGeo can use the Debian project method of signing with a GNU PGP key, and put the LocationTech method with a certificate authority as something to be looked into... Generally, I support jgarnett in using money and authoritative signatures for OSGeo projects, but it looks like it is not a requirement to proceed.'' 26 26 27 27 The following sections attempts to address various sections. ''This document is under construction.'' … … 42 42 LocationTech says in their handbook 43 43 http://www.eclipse.org/projects/handbook/locationtech.html 44 {{{ 45 ... 46 Signed Artifacts 44 47 45 Signed Artifacts 46 47 Where technically sensible, all downloadable artifacts should be signed 48 Where technically sensible, all downloadable artifacts should be signed 48 49 <https://wiki.eclipse.org/JAR_Signing> by an Eclipse Foundation-provided 49 50 certificate. 51 }}} 50 52 51 53 … … 86 88 I wrote to Peter very shortly after our email exchange, but I have not heard anything back. Basically, I can sum up our inquiry this way: 87 89 88 89 90 90 91 * OSGeo.org wants to participate in Let's Encrypt … … 152 153 https://github.com/OldCoder/make-openssl-site/blob/master/make-openssl-site.sh 153 154 155 https://en.wikipedia.org/wiki/Transport_Layer_Security 154 156 155