Re: RFC: Signed JAR Packaging Policy

Jesse Keating wrote:
On Monday 12 March 2007 17:02:06 Matthew Miller wrote:
On Mon, Mar 12, 2007 at 04:57:45PM -0400, Warren Togami wrote:
Why this is bad?
It still is not fully reproducible in a sense that other people can't
take our source, modify it slightly, and make a Sun-blessed JSS JAR.
I'm really against it. At the very least, it screws over CentOS. This is a bad
path to be going down.

I'd much prefer gcj and the future Fedora-shipped implementation of the Sun
JVM to make it easy to use self-generated certificates. If someone wants to
install a proprietary JVM, let's make _that_ the hard case.

I agree. How much fun would it be if Apache suddenly decided to not function with self-signed certs and any cert you used had to come from VeriSign?
A radical way to do this would be for Fedora to acquire a signing cert from Sun, and redistribute the key and cert with the JSS package.

Plus: Anyone would be able to build and redistribute JSS, and it would load into any Java JCE implementation which required a signed jar.

Minus: Anyone would be able to build and sign _any_ jar and claim that it was from Fedora, which would completely defeat the purpose of JCE, as well as any other application which required jar signing. For example, I download a random Java applet into my browser, and the dialog box pops up which says "This jar file was signed by the Fedora Completely Untrustworthy Key. Do you Accept or Decline to run this jar?" I don't exactly know what Sun would do if such a thing were to be unleashed into the wild . . .
------------------------------------------------------------------------

--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers