Re: RFC: Signed JAR Packaging Policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2007-03-12 at 23:13 +0100, Nicolas Mailhot wrote:
> Le lundi 12 mars 2007 à 17:29 -0400, Simo Sorce a écrit :
> > On Mon, 2007-03-12 at 16:33 -0400, Warren Togami wrote:
> > > Nicolas Mailhot wrote:
> > > > 
> > > > The problem is SUN controls the default certificate list in jvms, and
> > > > it's reinitialised every time you update a vendor jvm, so in practical
> > > > terms only SUN-approved keys "just work"
> > > > 
> > > 
> > > This might have interesting consequences for Sun's plans to GPLv3 their 
> > > Java.
> > 
> > Why?
> > Is their own signature required for the package to work, and nothing
> > else will work even if rebuilt from scratch?
> 
> commercial jvms will barf if a crypto package is not signed with a
> SUN-approved certificate

Won't commercial JVMs ship with their own signed binary crypto package?
Or alternatively, if you're willing to run a commercial JVM, you're
probably willing to go download the signed binary crypto package.

Jeff

Attachment: signature.asc
Description: This is a digitally signed message part

--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers
--
Fedora-maintainers-readonly mailing list
Fedora-maintainers-readonly@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly

[Index of Archives]     [Fedora Users]     [Fedora Development]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux