[dsdp-ercp-dev] Re: [Fwd: [eclipse.org-committers] Jar signing, Download

[Gorkem Ercan <gercan@xxxxxxx>]

Looking at platform 3.3 on update manager and Callisto plans signed 
plugin support is one of the new features for 3.3.
I think we should include those in our plans for update manager as well.

One of the musts for callisto release is providing signed jars. Although 
we are not part of the Callisto release train, we should spend a good 
effort to make our practices as close as possible to Callisto practices 
so that we can join the next release train.
--
Gorkem


Mark Rogalski wrote:
> As far as I know, Update Manager (and eUpdate) know nothing about 
> signing.
>
>
>
> *Gorkem Ercan <gercan@xxxxxxx>*
> Sent by: Gorkem Ercan <gorkem.ercan@xxxxxxxxx>
>
> 10/22/2006 12:59 AM
>
> 	
> To
> 	Mark Rogalski/Austin/IBM@IBMUS
> cc
> 	DSDP ercp list <dsdp-ercp-dev@xxxxxxxxxxx>
> Subject
> 	Re: [Fwd: [eclipse.org-committers] Jar signing, Downloads]
>
>
>
> 	
>
>
>
>
>
> Yep, I was thinking about the windows desktop distro only. Mobiles is a
> different story.
>
> How about our update manager, does it work with signed bundles?
>
>
> Mark Rogalski wrote:
> >
> > I don't think this kind of signing will be of much use to the project
> > because mobile devices will not be shipped with an Eclipse Foundation
> > public key certificate. Most likely, code meant to run on devices will
> > have to be signed by an organization (such as GeoTrust, Symbian, etc.)
> >  that has a public key certificate shipping on the device.
> >
> >
> >
> >
> > *Gorkem Ercan <gercan@xxxxxxx>*
> > Sent by: Gorkem Ercan <gorkem.ercan@xxxxxxxxx>
> >
> > 10/21/2006 02:40 AM
> >
> >                  
> > To
> >                  DSDP ercp list <dsdp-ercp-dev@xxxxxxxxxxx>, Mark
> > Rogalski/Austin/IBM@IBMUS
> > cc
> >                  
> > Subject
> >                  [Fwd: [eclipse.org-committers] Jar signing, Downloads]
> >
> >
> >
> >                  
> >
> >
> >
> >
> >
> > Hmm, we have not disscussed about this earlier but I guess we will
> > need it.
> > I recommend the we specify myself and Mark since we have been working
> > with the builds so far and already familiar with the 'infrastructure'.
> >
> > As usual any other suggestions are welcome.
> >
> > --
> > Gorkem Ercan
> >
> >
> >
> > -------- Original Message --------
> > Subject:                  [eclipse.org-committers] Jar signing, 
> Downloads
> > Date:                  Fri, 20 Oct 2006 10:53:22 -0400
> > From:                  Eclipse WebMaster (Denis Roy)
> > <webmaster@xxxxxxxxxxx>
> > To:                  eclipse.org-committers@xxxxxxxxxxx
> >
> >
> >
> > Greetings all,
> >
> > A short update for you today:
> >
> > *1. Jar signing
> > *The Eclipse Foundation, with help from the Eclipse project team, has
> > set up an infrastructure that will enable you to sign your JAR files, as
> > well as JAR files within a ZIP file. The files are signed by the
> > Foundation, using a Foundation-owned code signing certificate. We will
> > be extending signing privileges to one or two committers on each 
> project.
> >
> > How does it work?
> >
> > 1. You Project Lead must tell us (webmaster) who is allowed to sign JARs
> > for your project.
> >
> > 2. When you've been granted signing privileges, you use an SSH client
> > and connect to build.eclipse.org using your committer account as usual.
> >
> > 3. You must copy/move the files you wish to sign to the downloads
> > *staging area*. We do not allow you to sign files from any other 
> location.
> >
> > 4. You type a command that will add files to the signing queue. The
> > queue is processed automatically, and you can get an e-mail notification
> > when signing is complete.
> >
> > 5. You can then move the signed files from the staging area to your
> > downloads area.
> >
> > Detailed instructions on the signing process will be sent to those
> > committers who are appointed as signers.
> >
> >
> > If you have any questions about signing, please ask, or refer to these
> > documents:
> > - https://bugs.eclipse.org/bugs/show_bug.cgi?id=135044
> > - http://wiki.eclipse.org/index.php/JAR_Signing
> >
> >
> > *2. Downloads vs. archives
> > *When moving files from download.eclipse.org to archive.eclipse.org, a
> > common pain point was the need to update all your download links.  If
> > you're using http://www.eclipse.org/downloads/download.php?file= (and
> > you should be), you don't need to update your download links anymore.
> > When download.php cannot find the requested file on
> > download.eclipse.org, it searches the exact same file on
> > archive.eclipse.org.  This change should help simplify moving files to
> > the archives.
> >
> > As usual, thanks for reading.
> >
> > Denis
> >
> >
> > --
> > Denis Roy
> > Manager, IT Infrastructure
> > Eclipse Foundation, Inc.  --  http://www.eclipse.org/
> > Office: 613.224.9461 x224
> > Cell: 819.210.6481
> > denis.roy@xxxxxxxxxxx
> >
> >
> > --
> >
> > Eclipse WebMaster - webmaster@xxxxxxxxxxx
> > Questions? Consult the WebMaster FAQ at
> > http://wiki.eclipse.org/index.php/Webmaster_FAQ
> > View my status at http://wiki.eclipse.org/index.php/WebMaster
> >
> > _______________________________________________
> > eclipse.org-committers mailing list
> > eclipse.org-committers@xxxxxxxxxxx
> > https://dev.eclipse.org/mailman/listinfo/eclipse.org-committers
> >
> >