On Mon, Feb 18, 2008 at 02:36:04PM -0500, Tom spot Callaway wrote: > > On Mon, 2008-02-18 at 20:53 +0200, Axel Thimm wrote: > > On Mon, Feb 18, 2008 at 12:28:47PM -0500, Jesse Keating wrote: > > > Also I think the problem here is that there is a cert system that is > > > being held hostage by Sun, and nobody else gets to play. This is worse > > > than the current web cert games we play with browsers. > > > > Can't we add a Fedora certificate to the distribution with a private > > key only the builders have access to? And maybe only for a whitelist > > of packages that the FPC would approve? > > > > As a short term solution for the geogebra case we could ship it > > unsigned until we have a procedure in place (of course all self-built > > from source). > > Not an expert here, but I think that many browsers will refuse to run > unsigned java bits. They will issue a warning and let the user decide. There are quite a lot of appliances w/o a trusted key or not signed at all in routers, switches, kvm boxes etc. that fall into this category. -- Axel.Thimm at ATrpms.net
Attachment:
pgp1PfU6MpQJW.pgp
Description: PGP signature
-- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging
