[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [Fedora-packaging] RFC: Signed JAR Packaging Policy

From: Rex Dieter <rdieter math unl edu>
To: Discussion of RPM packaging standards and practices for Fedora <fedora-packaging redhat com>
Cc: fedora-devel-java-list redhat com, mlum redhat com
Subject: Re: [Fedora-packaging] RFC: Signed JAR Packaging Policy
Date: Thu, 10 May 2007 00:04:00 -0500

Rex Dieter wrote:

Per
RFC: Signed JAR Packaging Policy http://lwn.net/Articles/225981/
Review Request: jss - Java Security Services (JSS),http://bugzilla.redhat.com/230262
The "jar signing issue" is something we'll have to address somehowsooner or later. Imo, it can/should be considered on the same levelas Fedora's signed rpms.
<crazy_idea>
Maybe fedora could have some sort of fedora-ca-keys pkg containingjava CA's that's *only* available to the buildsys (ie, private,similar to fedora's rpm keys). We could also provide some sort ofdummy fedora-ca-keys pkg in our public repos (or some other means forfolks to generate/create their own ca-keys-containing pkg) to satisfythe reproducibility(*) issue.
</crazy_idea>

Duh, my bad for not actually re-reading the *whole* previous thread.spot pointed out that only "companies" can ask Sun for CA's, and thatFedora wouldn't qualify. But, hey, why not try and ask anyway? Theworst that can happen is that Sun says no, in which case, what's so evilabout using a "Red Hat" java CA? Regardless, for lack of a CA cert towork with, this discussion is moot.


-- Rex

Follow-Ups:
- Re: [Fedora-packaging] RFC: Signed JAR Packaging Policy
  - From: Jesse Keating

References:
- [Fedora-packaging] RFC: Signed JAR Packaging Policy
  - From: Rex Dieter

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]