Trusted Software Vendor
Warren Young
warren@etr-usa.com
Tue Jun 12 12:58:00 GMT 2012
On 6/9/2012 9:57 AM, Christopher Faylor wrote:
>
>and I'm really
> not willing to burden cygwin.com with the cycles necessary to unpack
> tarballs at cygwin.com to sign them.
Based on the traffic I see to cygwin-apps, my sense is that this would
amount to single-digit CPU-minutes per day, once you get through the
initial conversion. That can be nice'd to the point that it takes a
month; this doesn't have to be a Big Bang conversion.
I think a much bigger problem is getting a Linux toolchain set up on the
main package repo server that can sign these executables. My Google-fu
says the GNU tools have no idea how to do this today.
Then someone has to spend at least a few hours writing and testing the
script to do all this. It might take a person-day.
Red Hat might not have to buy a code signing cert for this. They might
already have one that will work: http://goo.gl/5Hm3C
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list