Review Request: jss - Java Security Services (bz#230262)

Warren Togami wtogami at redhat.com
Thu May 10 03:32:25 UTC 2007


Margaret Lum wrote:
>> As discussed in the past on fedora-extras-list and other mediums, it 
>> may be impossible to ship this in Fedora or RHEL signed because that 
>> is in conflict with our licenses and guarantees of reproducibility.
>>
> IIRC, there was a consensus (which perhaps others on this list can 
> correlate) that we can forego signing this package in Fedora.  However, 
> the proprietary version will still be signed.

Right, unsigned in Fedora.  Proprietary or 3rd party apps needing a 
signed JAR would need to provide it from a separate source.  Can you 
confirm that it could be parallel installed without much trouble?

>>
>> Red Hat (the company) could (pending legal approval) choose to proceed 
>> with this as part of an internal product.  But as the rules stand 
>> today, Fedora cannot ship this signed.
> We will ship this UNsigned, in Fedora.  Can approval be re-evaluated?

Right, yes it can.

Warren Togami
wtogami at redhat.com




More information about the fedora-devel-list mailing list