On Mon, 2007-03-12 at 23:13 +0100, Nicolas Mailhot wrote: > Le lundi 12 mars 2007 à 17:29 -0400, Simo Sorce a écrit : > > On Mon, 2007-03-12 at 16:33 -0400, Warren Togami wrote: > > > Nicolas Mailhot wrote: > > > > > > > > The problem is SUN controls the default certificate list in jvms, and > > > > it's reinitialised every time you update a vendor jvm, so in practical > > > > terms only SUN-approved keys "just work" > > > > > > > > > > This might have interesting consequences for Sun's plans to GPLv3 their > > > Java. > > > > Why? > > Is their own signature required for the package to work, and nothing > > else will work even if rebuilt from scratch? > > commercial jvms will barf if a crypto package is not signed with a > SUN-approved certificate Won't commercial JVMs ship with their own signed binary crypto package? Or alternatively, if you're willing to run a commercial JVM, you're probably willing to go download the signed binary crypto package. Jeff
Attachment:
signature.asc
Description: This is a digitally signed message part
-- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers
-- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
