RFC: Signed JAR Packaging Policy
Andrew Haley
aph at redhat.com
Tue Mar 13 18:21:56 UTC 2007
Nicolas Mailhot writes:
> Le mardi 13 mars 2007 à 14:01 -0400, Matthew Miller a écrit :
> > On Tue, Mar 13, 2007 at 01:54:56PM -0400, Rob Crittenden wrote:
> > > But any random JVM that a user downloads from Sun or IBM directly
> > > wouldn't know about this extra endorsement, right? So any
> > > non-rpm-installed JVMs would still not work?
> >
> > They would work fine for whatever they were installed for. They just
> > wouldn't work for this. Presuming that "this" can be made to work just fine
> > with gcj and/or future-free-java, then it should just stay that way. Am I
> > not getting something?
> >
> > I mean, do we consider "the kernel doesn't build with Microsoft C" a
> > problem?
>
> The kernel is mature and the main implementation. If
> fedora-packaged java apps fail when people try to use them with
> proprietary jvms that's a bigger problem. Till gcj is mature,
> efficient and recognized in the marketplace being able to mix and
> replace components (including the jvm) is a huge plus.
>
> (now on this particular point, I don't see how we can accommodate
> SUN & Fedora requirements, and Fedora goals come first)
It's just a dependency, no different from any other package
dependency. A proprietary Java runtime environment that needs signed
crypto JARs has a dependency on such JARs. When such a proprietary
JRE is installed, the signed crypto JARs it needs should be installed
with it.
Andrew.
More information about the Fedora-maintainers
mailing list