Description
That infrastructure now exists through a code signing service by Symantec. One PMC member (or more) gets their own unique login, pushes the artifact (.jar, in this example) to the service, and is returned a signed artifact reflecting the ASF provenance.
See the Incubator discussion http://markmail.org/message/lsf6px4tmfqnjlvf
See the Zest discussion http://zest.markmail.org/thread/ae3clozosid7oz3v