Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-11118

Participation in Code Signing by HTTP Server project

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments


    • Planned Work
    • Status: Closed
    • Major
    • Resolution: Won't Fix
    • Jul 2016
    • Codesigning
    • None


      Raising a ticket to express interest...

      For some time, the value of an ASF shipping Windows httpd binary has been negligible, as various lgpl and gpl components could be combined by other parties and assembled as a more complete version of httpd. It has been a few years since the httpd project has shipped Windows binaries.

      With the introduction of code signing, this becomes interesting once again for httpd to ship what are the official sources built for Windows, particularly with the introduction of a persistent runtime in Visual C 14. I'm willing to take this on if the Code signing service agreement can be extended.

      Note that an httpd 2.4 package consists of about 48 programs and dynamic libraries, and some 108 modules. Internal to the installer there is a script rewriting binary and the install package itself, for a total of soon to be 160 signed objects per release. Releases of 2.4 occur about 4 times a year with releases of the legacy package (2.2 at present) which occur 2 times a year.

      Given the number of components, some batch submission mechanism is required to consider this effort.

      Please provide feedback about the commitment to renewing the Symantec service, and I would like to participate in this offering, going forwards, if the commitment is there.



          This comment will be Viewable by All Users Viewable by All Users


            markt Mark Thomas
            wrowe@apache.org William A. Rowe, Jr.
            0 Vote for this issue
            0 Start watching this issue



              Issue deployment