Hi,
On Tue, Nov 5, 2013 at 4:16 PM, Rzepa, Henry S <h.rz...@imperial.ac.uk>wrote:
>
> I have been discussing this with the ACS and RSC; I have a total of about
> 40 Jmol objects in these and other journals which rely on the Jmol applet
> working in a browser. They will all die in Jan 2014 unless something is
> done (even the latest ones, which default to JSmol, can in fact be
> switched over to Jmol using ?JAVA ).
>
> But this does raise some questions:
>
> 1. I would imagine its best if Jmol is signed by a legal entity. This
> could be one individual, or an organisation. But the Jmol community is not
> a legal organisation (unless someone corrects me).
> So who would actually sign Jmol? What legal implications would they
> inherit by doing so?
>
The only free certificates I've found for now are for one individual, not
an organisation.
The one I got from Certum requires a true name, with a copy of an id
document, so that they have some guarantee.
> 2. Whoever or whatever organisation signs Jmol, will that cause anyone to
> question its “opensource credentials”? Might someone confuse certificate
> signing with “ownership”?
>
There's no reason for it to change anything about ownership, it's just a
way of delivering the application, but with some kind of guarantee from the
individual signing the version.
> 3. What about multiple versions of Jmol, each signed by a different
> individual or different organisation? Is that viable? Each would be
> signing that they eg legally trust the original source (which would be the
> loose Jmol community, or perhaps if we are to be specific, Bob Hanson?)
>
Well, it's probably a lot more complex to hope for multiple versions : each
individual/organisation signing would need to obtain a trusted certificate,
and they would use their name as a guarantee about the version not being
malicious, ...
I think the easier way is to use individual certificate from the person
making the releases
I have just modified the build system for Jmol to easily allow someone
having his own certificate to rebuild Jmol and sign it with its own
certificate.
They just have to put their certificate in resources/certificate as
Jmol.p12 (PKCS#12 file) and run the build with a few extra parameters
(explained in resources/certificate/README.txt)
> Oh dear, each of the above implies Lawyers! But are they avoidable?
>
> Does anyone yet have a provisionally signed applet that could be used
> for internal testing?
>
With the modified build system, I have just made a test version signed with
my own certificate.
It's available for download at
http://site4145.mutu.sivit.org/Temporary/jmol-13.3.9_dev_s1-binary.zip
I haven't tested it at all
Anyone welcome to try it to see what the differences are with the self
signed version.
Nico
------------------------------------------------------------------------------
November Webinars for C, C++, Fortran Developers
Accelerate application performance with scalable programming models. Explore
techniques for threading, error checking, porting, and tuning. Get the most
from the latest Intel processors and coprocessors. See abstracts and register
http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
_______________________________________________
Jmol-users mailing list
Jmol-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jmol-users
