consider changing the signature source from an individual to CFF

cloudfoundry-incubator / cflocal

Stage and launch CF apps, push and pull droplets, and connect to real CF services -- in Docker

Apache License 2.0

178 stars 27 forks source link

consider changing the signature source from an individual to CFF #21

Open jbayer opened 6 years ago

jbayer commented 6 years ago

right now the README states that files are signed by the @sclevine keybase.io. is there a better approach than using an individual in the future?

sclevine commented 6 years ago

There's some discussion about this here. Bret has also reached out to me directly about signing the CF Local binaries with a trusted code signing certificate so that they can be used on locked-down Windows machines.

I should follow up with @chipchilders to see if the CFF could send me a hardware token with the same code signing certificate that's used by the CF CLI, or alternatively, if the CFF could purchase additional certificates for CLI plugin authors.