This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Trusted Software Vendor


On 6/9/2012 9:57 AM, Christopher Faylor wrote:

and I'm really not willing to burden cygwin.com with the cycles necessary to unpack tarballs at cygwin.com to sign them.

Based on the traffic I see to cygwin-apps, my sense is that this would amount to single-digit CPU-minutes per day, once you get through the initial conversion. That can be nice'd to the point that it takes a month; this doesn't have to be a Big Bang conversion.


I think a much bigger problem is getting a Linux toolchain set up on the main package repo server that can sign these executables. My Google-fu says the GNU tools have no idea how to do this today.

Then someone has to spend at least a few hours writing and testing the script to do all this. It might take a person-day.

Red Hat might not have to buy a code signing cert for this. They might already have one that will work: http://goo.gl/5Hm3C

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]