Re: RFC: Signed JAR Packaging Policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Le lundi 12 mars 2007 à 14:46 -0400, Jesse Keating a écrit :
> On Monday 12 March 2007 14:28:25 Warren Togami wrote:
> > https://www.redhat.com/archives/fedora-extras-list/2007-February/msg00166.h
> >tml Red Hat's Directory Server team wants to add JSS to Fedora.  But this is
> > currently blocked, because the JSS JAR must be signed by an upstream key.
> 
> How does this work for pure end users that want to build / deploy?  Are they 
> completely unable to sign the jar themselves?  Could we ship an unsigned jar, 
> allow the end user to sign the jar using whatever method they need to?

The problem is SUN controls the default certificate list in jvms, and
it's reinitialised every time you update a vendor jvm, so in practical
terms only SUN-approved keys "just work"

Even if a user could authorise his own or Fedora's certificate (not sure
he can) remembering to do it after every update is just too much hassle

gcj could of course ignore this but knowing one can switch to a
proprietary jvm any time goes a long way to reassure users.

-- 
Nicolas Mailhot

--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers

--
Fedora-maintainers-readonly mailing list
Fedora-maintainers-readonly@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly

[Index of Archives]     [Fedora Users]     [Fedora Development]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux