We deployed a new version of the signing service that utilizes Google KMS as a backend. This solution is much more scalable and brings the build times back to normal.

We explored third-party services, but they aren't viable for the Eclipse Foundation due to our high signing volume. We're now looking into scaling up with Cloud HSM or multiple on-premise HSMs. Details available at https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/4680

Since the deployment of new code-signing certificates hosted on Hardware Security Modules (HSM), the performance of the code-signing services for JAR signing and Authenticode has dropped significantly. We are investigating solutions. Want to know more or help? See https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/4680