RFC: Signed JAR Packaging Policy
Alan Cox
alan at redhat.com
Tue Mar 13 02:33:09 UTC 2007
On Mon, Mar 12, 2007 at 04:57:45PM -0400, Warren Togami wrote:
> Why this is bad?
> It still is not fully reproducible in a sense that other people can't
> take our source, modify it slightly, and make a Sun-blessed JSS JAR.
And can't be used for GPL projects according to some interpretations of
GPL v2.
"The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable."
Preferred form for making a work might well be held to include keys. Or you
could argue its an interface definition, or perhaps an install script or ..
Best not to go there
Alan
More information about the Fedora-maintainers
mailing list