[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Review Request: jss - Java Security Services (bz#230262)

Margaret Lum wrote:
As discussed in the past on fedora-extras-list and other mediums, it may be impossible to ship this in Fedora or RHEL signed because that is in conflict with our licenses and guarantees of reproducibility.

IIRC, there was a consensus (which perhaps others on this list can correlate) that we can forego signing this package in Fedora. However, the proprietary version will still be signed.

Right, unsigned in Fedora. Proprietary or 3rd party apps needing a signed JAR would need to provide it from a separate source. Can you confirm that it could be parallel installed without much trouble?

Red Hat (the company) could (pending legal approval) choose to proceed with this as part of an internal product. But as the rules stand today, Fedora cannot ship this signed.
We will ship this UNsigned, in Fedora.  Can approval be re-evaluated?

Right, yes it can.

Warren Togami
wtogami redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]