RFC: Signed JAR Packaging Policy
Tom 'spot' Callaway
tcallawa at redhat.com
Mon Mar 12 22:31:15 UTC 2007
On Mon, 2007-03-12 at 23:19 +0100, Nicolas Mailhot wrote:
> Le lundi 12 mars 2007 à 16:34 -0500, Tom 'spot' Callaway a écrit :
>
> > Clarification: Fedora can't acquire a signing cert from Sun. Only Red
> > Hat, Inc can.
>
> Fedora sure can, OSS projects like bouncycastle did in the past.
>
> Now even assuming SUN is stupid enough not to require a legally binding
> agreement not to redistribute those signing certs, it still has the
> "revoke at will" card.
The legal document that SUN wants groups to sign to get a cert point
blank asks for "Company". Fedora is not a Company. :/
~spot
More information about the Fedora-maintainers
mailing list