[Board] [EXTERNAL] Re: OSGeo signing certificates (discussion)

Michael Smith michael.smith.erdc at gmail.com
Thu Oct 15 13:12:50 PDT 2015


LocationTech says in their handbook

Signed Artifacts
Where technically sensible, all downloadable artifacts should be signed
<https://wiki.eclipse.org/JAR_Signing>  by an Eclipse Foundation-provided
certificate.


http://www.eclipse.org/projects/handbook/locationtech.html

Mike

Michael Smith
OSGeo Foundation Treasurer
treasurer at osgeo.org

From:  Sanghee Shin <shshin at gaia3d.com>
Date:  Thursday, October 15, 2015 at  4:10 PM
To:  Michael Smith <michael.smith.erdc at gmail.com>
Cc:  Sanghee Shin <shshin at gaia3d.com>, Anita Graser <anitagraser at gmx.at>,
Jody Garnett <jody.garnett at gmail.com>, "board at lists.osgeo.org"
<board at lists.osgeo.org>
Subject:  Re: [Board] [EXTERNAL] Re: OSGeo signing certificates (discussion)

> Hi all, 
> 
> I totally agree with Mike. And I just wonder if there’s any similar case from
> other open source communities.
> 
> Best regards, 
> 
> 신상희
> ---
> Shin, Sanghee
> Gaia3D, Inc. - The GeoSpatial Company
> http://www.gaia3d.com
> 
>> 2015. 10. 15., 오후 8:48, Michael Smith <michael.smith.erdc at gmail.com> 작성:
>> 
>> I think this makes a lot of sense and its very much a part of our mission
>> statement to provide the foundational/infrastructure pieces for projects.
>> 
>> And I concur that this should be at the OSGeo level, not at the project
>> level.
>> 
>> Mike
>> 
>> Michael Smith
>> OSGeo Foundation Treasurer
>> treasurer at osgeo.org
>> 
>> From:  Board <board-bounces at lists.osgeo.org> on behalf of Anita Graser
>> <anitagraser at gmx.at>
>> Date:  Thursday, October 15, 2015 at  1:46 PM
>> To:  Jody Garnett <jody.garnett at gmail.com>
>> Cc:  "board at lists.osgeo.org" <board at lists.osgeo.org>
>> Subject:  [EXTERNAL] Re: [Board] OSGeo signing certificates (discussion)
>> Resent-From:  Michael Smith <michael.smith at usace.army.mil>
>> 
>>> 
>>> 
>>> On Thu, Oct 15, 2015 at 6:49 PM, Jody Garnett <jody.garnett at gmail.com>
>>> wrote:
>>>> Thanks, could the boardwalk with the SAC to obtain a useful certificate?
>>>> For this discussion/motion I am seeking the direction "this is something we
>>>> should do" from the board.
>>>> I am in a small conflict of interest here as a "community lead" at
>>>> boundless we have also offered to sign bundles as a member of the QGIS
>>>> community. The board could also ask the qgis non-profit to obtain a
>>>> certificate and sign, but I would prefer if we stick with the OSGeo
>>>> branding (which helps many more projects then just QGIS).
>>> 
>>> ​One example where an OSGeo certificate would make much more sense than
>>> separate ones is the QGIS Mac KyngChaos installer. (Pretty much quoting my
>>> colleague Richard D. here.) Since William prefers to package the
>>> dependencies separately, it would seem quite awkward to sign, e.g. GDAL with
>>> the QGIS.org <http://qgis.org>  certificate. A general OSGeo certificate
>>> would seem appropriate. I assume the same might be the case sooner or later
>>> for the OSGeo4W installer.
>>> 
>>> Best wishes,
>>> Anita
>>> 
>>> 
>> _______________________________________________
>> Board mailing list
>> Board at lists.osgeo.org
>> http://lists.osgeo.org/mailman/listinfo/board
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/board/attachments/20151015/2338049c/attachment.html>


More information about the Board mailing list