[Fedora-packaging] Re: java: building from source vs signed .jar's

Axel Thimm Axel.Thimm at ATrpms.net
Mon Feb 18 18:53:08 UTC 2008


On Mon, Feb 18, 2008 at 12:28:47PM -0500, Jesse Keating wrote:
> Also I think the problem here is that there is a cert system that is
> being held hostage by Sun, and nobody else gets to play.  This is worse
> than the current web cert games we play with browsers.

Can't we add a Fedora certificate to the distribution with a private
key only the builders have access to? And maybe only for a whitelist
of packages that the FPC would approve?

As a short term solution for the geogebra case we could ship it
unsigned until we have a procedure in place (of course all self-built
from source).
-- 
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-packaging/attachments/20080218/7c1fd49b/attachment.sig>


More information about the Fedora-packaging mailing list