[Board] OSGeo signing certificates (discussion)

Brian M Hamlin maplabs at light42.com
Thu Oct 15 09:45:54 PDT 2015 

Hi All -
 
  thank you to the new Board facing a list of things to attend to.. 
 
I have to say that the motion as worded is avoiding a crucial 
component, and that is, who are the vendors involved, and who "owns" 
the right to validate the authenticity of a cert. 
The dysfunction in the current cert ecosystem is well-known, so I am 
not naively suggesting that there is a simple fix. However, it is 
important to know, as a dot-org representing FOSS, who cert authority 
is being purchased from, and what that means. 
 
  best regards from Berkeley, California
  Brian M Hamlin
 

On Thu, 15 Oct 2015 09:11:48 -0700, Jody Garnett  wrote:

       Today's board meeting had the following agenda topic: 

   * discuss possibility of OSGeo software signing certificates [Anita] 
(i.e. OSX seems to not allow installation of unsigned software by 
default --> user needs to change configuration --> signed software 
would appear more professional. On the QGIS mailing list, we were 
discussing that we could have a QGIS.org certificate but since QGIS 
depends on so many other OSGeo tools - which would also have to be 
signed - it might be more appropriate to have an OSGeo certificate.)

 
Moving discussion here to the mailing list, and will make the motion tomorrow. 
 
As this is the OSGeo board mailing list I would like to keep the 
technical details of signing to a minimum and focus on our role in 
supporting the QGIS project. 
 
We are focused on a very clear question - can OSGeo obtaining a 
certificate for use by OSGeo projects. The cost appears to be nominal 
(one quote is $160/yearly). 
 
I view this as an appropriate use of the OSGeo branding and 
well within our capacity as an organization. 
--
Jody Garnett

-------------------------

_______________________________________________
Board mailing list
Board at lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/board

--
Brian M Hamlin
OSGeo California Chapter
blog.light42.com

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/board/attachments/20151015/7ada7378/attachment.htm>

More information about the Board mailing list