Yep I used it on a regular base, although it's been a year or so, since I last
did this..
I just took the short path : (re) sign all the jars that go into a webstarted
application.
All signatures in a/each jnlp file should be the same. So eg if all external dependencies are signed
by the creator, you need to create a seperate jnlp (include like) file per unique cert, which can
kind of suck from a release manager perspective.
So my preferred way is to just (re) sign everything with the same cert..
Mvgr,
Martin
Paul Libbrecht wrote:
Paul Libbrecht wrote:
I suppose that, with Java Web Start, the jar-signing mechanism may
request at least one authorization for each signing key...
Has anyone tested a java-web-start application where jars are from
different originators?
If, indeed as I fear, there are several requests for trust presented to
the user, I think ASF jar-signing would help nothing for JNLP
deployments...
paul
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
