[Board] [EXTERNAL] Re: OSGeo signing certificates (discussion)
michael.smith.erdc at gmail.com
Thu Oct 15 13:12:50 PDT 2015
LocationTech says in their handbook
Where technically sensible, all downloadable artifacts should be signed
<https://wiki.eclipse.org/JAR_Signing> by an Eclipse Foundation-provided
OSGeo Foundation Treasurer
treasurer at osgeo.org
From: Sanghee Shin <shshin at gaia3d.com>
Date: Thursday, October 15, 2015 at 4:10 PM
To: Michael Smith <michael.smith.erdc at gmail.com>
Cc: Sanghee Shin <shshin at gaia3d.com>, Anita Graser <anitagraser at gmx.at>,
Jody Garnett <jody.garnett at gmail.com>, "board at lists.osgeo.org"
<board at lists.osgeo.org>
Subject: Re: [Board] [EXTERNAL] Re: OSGeo signing certificates (discussion)
> Hi all,
> I totally agree with Mike. And I just wonder if there’s any similar case from
> other open source communities.
> Best regards,
> Shin, Sanghee
> Gaia3D, Inc. - The GeoSpatial Company
>> 2015. 10. 15., 오후 8:48, Michael Smith <michael.smith.erdc at gmail.com> 작성:
>> I think this makes a lot of sense and its very much a part of our mission
>> statement to provide the foundational/infrastructure pieces for projects.
>> And I concur that this should be at the OSGeo level, not at the project
>> Michael Smith
>> OSGeo Foundation Treasurer
>> treasurer at osgeo.org
>> From: Board <board-bounces at lists.osgeo.org> on behalf of Anita Graser
>> <anitagraser at gmx.at>
>> Date: Thursday, October 15, 2015 at 1:46 PM
>> To: Jody Garnett <jody.garnett at gmail.com>
>> Cc: "board at lists.osgeo.org" <board at lists.osgeo.org>
>> Subject: [EXTERNAL] Re: [Board] OSGeo signing certificates (discussion)
>> Resent-From: Michael Smith <michael.smith at usace.army.mil>
>>> On Thu, Oct 15, 2015 at 6:49 PM, Jody Garnett <jody.garnett at gmail.com>
>>>> Thanks, could the boardwalk with the SAC to obtain a useful certificate?
>>>> For this discussion/motion I am seeking the direction "this is something we
>>>> should do" from the board.
>>>> I am in a small conflict of interest here as a "community lead" at
>>>> boundless we have also offered to sign bundles as a member of the QGIS
>>>> community. The board could also ask the qgis non-profit to obtain a
>>>> certificate and sign, but I would prefer if we stick with the OSGeo
>>>> branding (which helps many more projects then just QGIS).
>>> One example where an OSGeo certificate would make much more sense than
>>> separate ones is the QGIS Mac KyngChaos installer. (Pretty much quoting my
>>> colleague Richard D. here.) Since William prefers to package the
>>> dependencies separately, it would seem quite awkward to sign, e.g. GDAL with
>>> the QGIS.org <http://qgis.org> certificate. A general OSGeo certificate
>>> would seem appropriate. I assume the same might be the case sooner or later
>>> for the OSGeo4W installer.
>>> Best wishes,
>> Board mailing list
>> Board at lists.osgeo.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Board