Warren Togami wrote:
IIRC, there was a consensus (which perhaps others on this list can correlate) that we can forego signing this package in Fedora. However, the proprietary version will still be signed.Rex Dieter wrote:FYI, (originally posted to fab-list) reviewer(s) kindly requested. -- Rex --------------- Forwarded message (begin) Subject: Status of JSS in Fedora? From: Margaret Lum <mlum redhat com> Date: Wed, 09 May 2007 19:51:02 -0500 Hi folks, I've noticed this package has been collecting dust for awhile. My team needs this in our first open source release of our product (Certificate System), and I'm working on a parallel port (from internal source) to the build system here @RH. If this is not the most productive forum for such approval, please point me in the right direction. This package was already submitted, but it's almost 2 months past the initial file date. The issue that needs both resolution and an immediate updated status is: Bugzilla Bug 230262 <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230262>: Review Request: jss - Java Security Services (JSS) Thank you for your time and understanding.As discussed in the past on fedora-extras-list and other mediums, it may be impossible to ship this in Fedora or RHEL signed because that is in conflict with our licenses and guarantees of reproducibility.
https://www.redhat.com/archives/fedora-extras-list/2007-February/msg00311.html This idea was the closest even vaguely plausible way to get it into Fedora... however it seems to be both technically impossible and not good enough to bring it into compliance with our rules. Unless somebody else has a new idea, I don't know how we can proceed on this.Red Hat (the company) could (pending legal approval) choose to proceed with this as part of an internal product. But as the rules stand today, Fedora cannot ship this signed.
We will ship this UNsigned, in Fedora. Can approval be re-evaluated?
Warren Togami wtogami redhat com
Description: S/MIME Cryptographic Signature