-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorise expenditure of $535.00 USD for Microsoft Authenticode signing certificate #347
Comments
Ping @mrhinkle @hackygolucky |
/s/lifting/raising/, right? |
SGTM +! |
sgtm
Il giorno mar 12 set 2017 alle 13:33 Myles Borins <notifications@github.com>
ha scritto:
… SGTM +!
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#347 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AADL4_PtTl25Kf_oOXwP6qUV3-fQKGFPks5shmv8gaJpZM4PUe65>
.
|
+1 from me. |
SGTM |
LGTM |
LGTM. 3 years sounds fine. |
LGTM |
LGTM, 3 years looks like the best choice here. |
Discussed in the TSC meeting today, no opposition to going with the 3 year cert so lets just do that. |
@rvagg have you gone ahead with this ? Wondering if we can close the issue. |
ping @rvagg |
👍 making it happen now |
Got a new certificate. Unfortunately the Linux Foundation decided to ask Mark Hinkle for permission after I submitted the request for them to pay for it (referencing this thread) and he told them to only pay for 1 year so we can "replace it with Lets Encrypt after that". So we have a 1 year certificate and will have to revisit this again in a year. I'll try and figure out why I/we didn't get notification from DigiCert about the renewal so it doesn't hit us by surprise again. |
Pushing to get a 3-year cause of the USB requirement. None of us wants to be hit with the requirement to have physical access to a signing server so the further we can push that down the road the better. This may mean we have to wear additional expenditure if the 1-year renewal can't be upgraded but I'll push for the executive to own that expense and it not come from the TSC budget since we explicitly requested a 3-year. |
OK, they phoned DigiCert and extended it out to 3-years, so yay! Will close this now and discuss progress back in nodejs/build#874 on getting it installed. |
It was just brought to my attention that our .msi signing certificate is due to expire on the 23rd of October. This certificate is how our installer avoids any warning messages about being untrusted when run on Windows.
Options are:
Given how annoying this whole process is, and that it seems like they may be lifting the security requirements for using these keys which may mean our next one needs to be used off a USB device, I'd like to go with the 3 year option. We have an account with DigiCert and if approved I'll just give the login details to the finance people at the Linux Foundation to click through and purchase it for us. I'd like this authorised ASAP so we don't have to leave this to the last minute. Sorry there wasn't more warning, I haven't received any notifications about it expiring from DigiCert.
The text was updated successfully, but these errors were encountered: