Rob Crittenden wrote: > Gary Benson wrote: > > I'd argue that Warren's two-step build doesn't screw over CentOS, > > or anyone else for that matter. Anyone wanting to rebuild could > > simply rebuild (steps 3-5). Anyone wanting to modify would get > > their own key from Sun and do the full two-step thing (steps 1-5). > > There's even a refinement in that jarfile signatures are not > > rigidly bound to their jars, so rather than shipping an entire jar > > in the source rpm we could simply bundle the signature information > > and insert that into the jar we built. > > This is assuming that the jar we build is identical to the Mozilla > jar without the signature, right? No. Warren's idea was this one: https://www.redhat.com/archives/fedora-maintainers/2007-March/msg00446.html Cheers, Gary -- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers -- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
