RFC: Signed JAR Packaging Policy
Warren Togami
wtogami at redhat.com
Mon Mar 12 21:13:44 UTC 2007
Jesse Keating wrote:
>>
>> I'd much prefer gcj and the future Fedora-shipped implementation of the Sun
>> JVM to make it easy to use self-generated certificates. If someone wants to
>> install a proprietary JVM, let's make _that_ the hard case.
>
> I agree. How much fun would it be if Apache suddenly decided to not function
> with self-signed certs and any cert you used had to come from VeriSign?
>
Hmm, CentOS is a good counterargument.
I guess we don't have any way of shipping a signed JAR in Fedora.
The best we can do is to ship an unsigned JAR and make all FOSS software
not require the signature (because we relied on the RPM sig instead).
If others want to provide a parallel install signed JAR RPM for
arbitrary 3rd party software to use, that is their decision.
Warren Togami
wtogami at redhat.com
More information about the Fedora-maintainers mailing list