OpenTimelineIO icon indicating copy to clipboard operation
OpenTimelineIO copied to clipboard

Published 20 hours ago verified publisher icon AcademySoftwareFoundation

[ASWF] Cryptographically sign releases

Open meshula opened this issue 7 months ago • 0 comments

Required:

[X] I believe this isn't a duplicate topic
[X] This report is not related to an adapter

Select One:

[ ] Build problem
[X] Incorrect Functionality or bug
[ ] New feature or functionality

Description

ASWF compliance bulletin states

The project MUST cryptographically sign releases of the project results intended for widespread use, and there MUST be a documented process explaining to users how they can obtain the public signing keys and verify the signature(s). The private key for these signature(s) MUST NOT be on site(s) used to directly distribute the software to the public. If releases are not intended for widespread use, select not applicable" (N/A)."

Optional

OpenEXR has achieved this goal, the solution the use should be checked for suitability to OpenTimelineIO, and then we should decide whether it is or is not appropriate to OTIO. If it is, we should adopt it, and if not, we should select N/A.

meshula avatar Jul 11 '24 17:07 meshula