[Fedora-packaging] Re: java: building from source vs signed .jar's

Tom "spot" Callaway tcallawa at redhat.com
Mon Feb 18 19:36:04 UTC 2008


On Mon, 2008-02-18 at 20:53 +0200, Axel Thimm wrote:
> On Mon, Feb 18, 2008 at 12:28:47PM -0500, Jesse Keating wrote:
> > Also I think the problem here is that there is a cert system that is
> > being held hostage by Sun, and nobody else gets to play.  This is worse
> > than the current web cert games we play with browsers.
> 
> Can't we add a Fedora certificate to the distribution with a private
> key only the builders have access to? And maybe only for a whitelist
> of packages that the FPC would approve?
> 
> As a short term solution for the geogebra case we could ship it
> unsigned until we have a procedure in place (of course all self-built
> from source).

Not an expert here, but I think that many browsers will refuse to run
unsigned java bits.

~spot




More information about the Fedora-packaging mailing list