coapp-developers team mailing list archive

Re: Let's talk about libraries

 

On 4/13/2010 6:46 AM, Ivan Meredith wrote:
>
>
>     Here's my suggestion for addressing this: a non-profit company is
>     registered in the States (e.g. 'CoApp Software Foundation', akin
>     to Apache Software Foundation, Python Software Foundation, etc). 
>     A VeriSign code-signing certificate is purchased, and we establish
>     a process for building and signing CoApp-compliant apps on behalf
>     of the open source projects (assuming their release meets the
>     pre-requisites we define in the aforementioned process).
>
>
> I think it's a fairly good idea, but I still don't think packages
> should *have* to be signed by the 'CoApp Software Foundation'. If
> they *have* to be signed by a specific CA, then I guess they do have
> to be signed by CoApp, or at least someone will need to have their own
> certificate. But that's not ideal in my opinion.
>

I would also request that in thinking about this, we not limit ourselves
to the WinSXS issue - open-source projects were the first thing that
came to mind for me when I heard about the signing requirement for
drivers as well!


