RFC: Signed JAR Packaging Policy
Jesse Keating
jkeating at redhat.com
Mon Mar 12 21:10:24 UTC 2007
On Monday 12 March 2007 17:02:06 Matthew Miller wrote:
> On Mon, Mar 12, 2007 at 04:57:45PM -0400, Warren Togami wrote:
> > Why this is bad?
> > It still is not fully reproducible in a sense that other people can't
> > take our source, modify it slightly, and make a Sun-blessed JSS JAR.
>
> I'm really against it. At the very least, it screws over CentOS. This a bad
> path to be going down.
>
> I'd much prefer gcj and the future Fedora-shipped implementation of the Sun
> JVM to make it easy to use self-generated certificates. If someone wants to
> install a proprietary JVM, let's make _that_ the hard case.
I agree. How much fun would it be if apache suddenly decided to not function
with self signed certs and any cert you used had to come from verasign ?
--
Jesse Keating
Release Engineer: Fedora
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-maintainers/attachments/20070312/73f6183b/attachment.sig>
More information about the Fedora-maintainers
mailing list