Apache Software Foundation: Code Signing Service is now Active


ASF (Apache Software Foundation) is a non-profit organization that supports more than 150 open-source software projects.

Recently, the infrastructure team at ASF announced that its new Code Signing service will be available for platforms such as Java, Windows and Android-based applications. Any Apache project that needs to sign code can use this newly launched code signing service.

The Apache projects ship source code, and the code files are signed with a GPG (GNU Privacy Guard) signature, which allows users and providers to verify code authenticity. To run the software, users either have to compile the application themselves or, for some projects, use the convenience binaries that Apache provides. One example is Apache’s OpenOffice project, where users receive binaries that are ready to run.

Apache Code Signing Service

After conducting several rounds of research, the ASF team chose Symantec’s Secure App service for providing their code signing service. This allows the ASF team to grant access per Apache project, with each Project Management Committee (PMC) having its own certificates for signing. Code signing certificates are issued per project/individual, which allows a certificate to be revoked without disrupting any other projects.

How do I Activate the Code Signing Service?

According to the ASF team’s report, this new code signing service allows users to sign their code in one of the following ways:

  1. Web GUI (Graphical User Interface)
  2. SOAP (Simple Object Access Protocol) API

** Note: ASF has already written the Java Client and an Ant Task for certificate signing, whereas the Maven plug-in is still under development. **


How Does the Code Signing Service Work?

The ASF team has developed this service on the ‘pay for what you use’ principle, under which each PMC must use the service responsibly and according to its requirements. Additionally, the ASF team has granted Apache projects access to a test environment so that they can ensure that their code signing process works correctly.

Two of Apache’s world-famous projects, Commons and Tomcat, have successfully tested this code signing service, and the ASF team has released the signed artifacts as Apache Commons Daemon 1.0.15 and Tomcat 8.0.14.

** Note: Each Apache project that intends to activate this code signing service must open an Infra JIRA ticket under the Code Signing components. **

This entry was posted in Code Signing Certificates by Mit Gajjar.

About Mit Gajjar

I have been working as an SSL security expert for 6 years and I have assisted plenty of users in solving their technical issues during the installation of SSL certificates on their web servers. It’s a really great experience working with Platinum Partner Company CheapSSLSecurity to offer the most reliable SSL certificate security solution on the internet. Being a Platinum Partner Company of Symantec, GeoTrust, Thawte, Comodo, and RapidSSL, CheapSSLSecurity offers the cheapest SSL certificate security on the internet, which starts at just $3.20/yr.