Last Comment Bug 66608 - Signtool distribution itself should be signed
: Signtool distribution itself should be signed
Status: NEW
:
Product: NSS
Classification: Components
Component: Tools (show other bugs)
: unspecified
: Sun Solaris
: P2 enhancement (vote)
: 4.0
Assigned To: Robert Relyea
:
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2001-01-25 18:17 PST by Arshad Noor
Modified: 2006-03-30 14:48 PST (History)
3 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments

Description Arshad Noor 2001-01-25 18:17:52 PST
Given that signtool is used to sign and verify software objects, customers
should be able to trust that they have a version of signtool that they can
trust - otherwise object signing doesn't make sense. 

I would like to propose that iPlanet/Mozilla.org, digitally sign the binary
and source distributions of signtool and make them available on your web
sites. 

Additionally, allow customers to be able to buy an official CD-ROM from 
iPlanet/Mozilla.org with signed versions of the signtool binary and source.
This way customes won't have to trust the websites, if they prefer to trust
official CD-ROMs from the company.
Comment 1 Keyser Sose 2001-01-28 14:40:03 PST
Marking NEW.
Comment 2 Ian McGreer 2001-01-29 08:28:06 PST
marking signtool bugs as future until 3.3 plan is ready.
Comment 3 Wan-Teh Chang 2001-02-27 15:56:16 PST
Set Target Milestone to NSS 3.3.  Assigned the RFE to
Bob for evaluation.
Comment 4 Robert Relyea 2001-11-28 17:15:56 PST
Signing out distribution in general would be a good idea, just not for 3.4.

bob
Comment 5 Wan-Teh Chang 2002-04-25 16:34:53 PDT
Changed the QA contact to Bishakha.

Note You need to log in before you can comment on or make changes to this bug.