RFC: Signed JAR Packaging Policy

Rob Crittenden rcritten at redhat.com
Mon Mar 12 19:20:32 UTC 2007


Nicolas Mailhot wrote:
> On Monday 12 March 2007 at 14:57 -0400, Jesse Keating wrote:
>> On Monday 12 March 2007 14:52:48 Dennis Gilmore wrote:
>>> The only people that can sign the jars are Sun.  No one else.
>> Hrm, that doesn't match what I was asked internally, it sounded like we would 
>> be able to get it signed after we built it, but we wouldn't be able to expose 
>> that step that does the signing.
> 
> Sun has been known to bless third-party signing certificates provided
> their use was restricted to a well-defined entity. So a Red Hat
> certificate is a possibility. A Fedora one would conflict with the
> project charter.
> 

Right. A signing certificate can be requested by filling this out and 
faxing it to Sun:

http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CertForm.txt

What their policies are for issuing certificates I don't know.

rob
