RFC: Signed JAR Packaging Policy
Nicolas Mailhot
nicolas.mailhot at laposte.net
Mon Mar 12 22:13:25 UTC 2007
Le lundi 12 mars 2007 à 17:29 -0400, Simo Sorce a écrit :
> On Mon, 2007-03-12 at 16:33 -0400, Warren Togami wrote:
> > Nicolas Mailhot wrote:
> > >
> > > The problem is SUN controls the default certificate list in jvms, and
> > > it's reinitialised every time you update a vendor jvm, so in practical
> > > terms only SUN-approved keys "just work"
> > >
> >
> > This might have interesting consequences for Sun's plans to GPLv3 their
> > Java.
>
> Why?
> Is their own signature required for the package to work, and nothing
> else will work even if rebuilt from scratch?
commercial jvms will barf if a crypto package is not signed with a
SUN-approved certificate
--
Nicolas Mailhot
More information about the Fedora-maintainers
mailing list