RFC: Signed JAR Packaging Policy

Per
RFC: Signed JAR Packaging Policy http://lwn.net/Articles/225981/
Review Request: jss - Java Security Services (JSS), http://bugzilla.redhat.com/230262

The "jar signing issue" is something we'll have to address somehow sooner or later. IMO, it can/should be considered on the same level as Fedora's signed rpms.

<crazy_idea>
Maybe Fedora could have some sort of fedora-ca-keys pkg containing Java CAs that's *only* available to the buildsys (i.e., private, similar to Fedora's rpm keys). We could also provide some sort of dummy fedora-ca-keys pkg in our public repos (or some other means for folks to generate/create their own ca-keys-containing pkg) to satisfy the reproducibility(*) issue.
</crazy_idea>

comments?

-- Rex

(*) reproducible in that you could build signed jars, but they wouldn't be identical, obviously.

--
Fedora-packaging mailing list
Fedora-packaging@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-packaging
