[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
[dsdp-ercp-dev] Re: [Fwd: [eclipse.org-committers] Jar signing, Downloads]
|
Yep, I was thinking about the windows desktop distro only. Mobiles is a
different story.
How about our update manager, does it work with signed bundles?
Mark Rogalski wrote:
I don't think this kind of signing will be of much use to the project
because mobile devices will not be shipped with an Eclipse Foundation
public key certificate. Most likely, code meant to run on devices will
have to be signed by an organization (such as GeoTrust, Symbian, etc.)
that has a public key certificate shipping on the device.
*Gorkem Ercan <gercan@xxxxxxx>*
Sent by: Gorkem Ercan <gorkem.ercan@xxxxxxxxx>
10/21/2006 02:40 AM
To
DSDP ercp list <dsdp-ercp-dev@xxxxxxxxxxx>, Mark
Rogalski/Austin/IBM@IBMUS
cc
Subject
[Fwd: [eclipse.org-committers] Jar signing, Downloads]
Hmm, we have not disscussed about this earlier but I guess we will
need it.
I recommend the we specify myself and Mark since we have been working
with the builds so far and already familiar with the 'infrastructure'.
As usual any other suggestions are welcome.
--
Gorkem Ercan
-------- Original Message --------
Subject: [eclipse.org-committers] Jar signing, Downloads
Date: Fri, 20 Oct 2006 10:53:22 -0400
From: Eclipse WebMaster (Denis Roy)
<webmaster@xxxxxxxxxxx>
To: eclipse.org-committers@xxxxxxxxxxx
Greetings all,
A short update for you today:
*1. Jar signing
*The Eclipse Foundation, with help from the Eclipse project team, has
set up an infrastructure that will enable you to sign your JAR files, as
well as JAR files within a ZIP file. The files are signed by the
Foundation, using a Foundation-owned code signing certificate. We will
be extending signing privileges to one or two committers on each project.
How does it work?
1. You Project Lead must tell us (webmaster) who is allowed to sign JARs
for your project.
2. When you've been granted signing privileges, you use an SSH client
and connect to build.eclipse.org using your committer account as usual.
3. You must copy/move the files you wish to sign to the downloads
*staging area*. We do not allow you to sign files from any other location.
4. You type a command that will add files to the signing queue. The
queue is processed automatically, and you can get an e-mail notification
when signing is complete.
5. You can then move the signed files from the staging area to your
downloads area.
Detailed instructions on the signing process will be sent to those
committers who are appointed as signers.
If you have any questions about signing, please ask, or refer to these
documents:
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=135044
- http://wiki.eclipse.org/index.php/JAR_Signing
*2. Downloads vs. archives
*When moving files from download.eclipse.org to archive.eclipse.org, a
common pain point was the need to update all your download links. If
you're using http://www.eclipse.org/downloads/download.php?file= (and
you should be), you don't need to update your download links anymore.
When download.php cannot find the requested file on
download.eclipse.org, it searches the exact same file on
archive.eclipse.org. This change should help simplify moving files to
the archives.
As usual, thanks for reading.
Denis
--
Denis Roy
Manager, IT Infrastructure
Eclipse Foundation, Inc. -- http://www.eclipse.org/
Office: 613.224.9461 x224
Cell: 819.210.6481
denis.roy@xxxxxxxxxxx
--
Eclipse WebMaster - webmaster@xxxxxxxxxxx
Questions? Consult the WebMaster FAQ at
http://wiki.eclipse.org/index.php/Webmaster_FAQ
View my status at http://wiki.eclipse.org/index.php/WebMaster
_______________________________________________
eclipse.org-committers mailing list
eclipse.org-committers@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/eclipse.org-committers
