On Mon, 2007-03-12 at 15:16 -0600, Richard Megginson wrote: > Jesse Keating wrote: > > On Monday 12 March 2007 17:02:06 Matthew Miller wrote: > > > >> On Mon, Mar 12, 2007 at 04:57:45PM -0400, Warren Togami wrote: > >> > >>> Why this is bad? > >>> It still is not fully reproducible in a sense that other people can't > >>> take our source, modify it slightly, and make a Sun-blessed JSS JAR. > >>> > >> I'm really against it. At the very least, it screws over CentOS. This a bad > >> path to be going down. > >> > >> I'd much prefer gcj and the future Fedora-shipped implementation of the Sun > >> JVM to make it easy to use self-generated certificates. If someone wants to > >> install a proprietary JVM, let's make _that_ the hard case. > >> > > > > I agree. How much fun would it be if apache suddenly decided to not function > > with self signed certs and any cert you used had to come from verasign ? > > > A radical way to do this would be for Fedora to acquire a signing cert > from Sun, and redistribute the key and cert with the JSS package. Clarification: Fedora can't acquire a signing cert from Sun. Only Red Hat, Inc can. I doubt Red Hat is willing to get a cert/key, then freely distribute them with the packages. I can hear lawyers screaming at the thought. IMHO, either we ship them unsigned, or we don't ship them. When Sun GPLs the Java bits, we can fix this properly. ~spot -- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers -- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
