Review Request: jss - Java Security Services (bz#230262)

Margaret Lum mlum at redhat.com
Thu May 10 03:28:39 UTC 2007 

Warren Togami wrote:
> Rex Dieter wrote:
>> FYI, (originally posted to fab-list)
>>
>> reviewer(s) kindly requested.
>>
>> -- Rex
>>
>> --------------- Forwarded message (begin)
>>
>> Subject: Status of JSS in Fedora?
>> From: Margaret Lum <mlum at redhat.com>
>> Date: Wed, 09 May 2007 19:51:02 -0500
>>
>> Hi folks,
>>
>> I've noticed this package has been collecting dust for awhile.  My team
>> needs this in our first open source release of our product (Certificate
>> System), and I'm working on a parallel port (from internal source) to
>> the build system here @RH.  If this is not the most productive forum for
>> such approval, please point me in the right direction.  This package was
>> already submitted, but it's almost 2 months past the initial file date.
>>
>> The issue that needs both resolution and an immediate updated status is:
>>
>>
>>  Bugzilla Bug 230262
>>  <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230262>: Review
>>  Request: jss - Java Security Services (JSS)
>>
>> Thank you for your time and understanding.
>>
>
> As discussed in the past on fedora-extras-list and other mediums, it 
> may be impossible to ship this in Fedora or RHEL signed because that 
> is in conflict with our licenses and guarantees of reproducibility.
>
IIRC, there was a consensus (which perhaps others on this list can 
correlate) that we can forego signing this package in Fedora.  However, 
the proprietary version will still be signed.
> https://www.redhat.com/archives/fedora-extras-list/2007-February/msg00311.html 
>
> This idea was the closest even vaguely plausible way to get it into 
> Fedora... however it seems to be both technically impossible and not 
> good enough to bring it into compliance with our rules.  Unless 
> somebody else has a new idea, I don't know how we can proceed on this.
>
> Red Hat (the company) could (pending legal approval) choose to proceed 
> with this as part of an internal product.  But as the rules stand 
> today, Fedora cannot ship this signed.
We will ship this UNsigned, in Fedora.  Can approval be re-evaluated?
>
> Warren Togami
> wtogami at redhat.com
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3229 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20070509/82f7d4fc/attachment.bin>

More information about the fedora-devel-list mailing list