This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Trusted Software Vendor
- From: Warren Young <warren at etr-usa dot com>
- To: cygwin at cygwin dot com
- Date: Tue, 12 Jun 2012 06:57:45 -0600
- Subject: Re: Trusted Software Vendor
- References: <!&!AAAAAAAAAAAYAAAAAAAAAH3PqnIBVHtCiVMVjN0ExZLigAAAEAAAAJXIkaLIcH5Pn+g+gRSa2KoBAAAAAA==@expertise.cl> <20120608184641.GA13771@ednor.casa.cgf.cx> <4FD32DC5.10703@gmail.com> <20120609155700.GA21988@ednor.casa.cgf.cx>
On 6/9/2012 9:57 AM, Christopher Faylor wrote:
and I'm really
not willing to burden cygwin.com with the cycles necessary to unpack
tarballs at cygwin.com to sign them.
Based on the traffic I see to cygwin-apps, my sense is that this would
amount to single-digit CPU-minutes per day, once you get through the
initial conversion. That can be nice'd to the point that it takes a
month; this doesn't have to be a Big Bang conversion.
I think a much bigger problem is getting a Linux toolchain set up on the
main package repo server that can sign these executables. My Google-fu
says the GNU tools have no idea how to do this today.
Then someone has to spend at least a few hours writing and testing the
script to do all this. It might take a person-day.
Red Hat might not have to buy a code signing cert for this. They might
already have one that will work: http://goo.gl/5Hm3C
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple