To me this just means that the signature is, for JNLP deployers, a job
of the deployer, or the end-developer and that a signature of Apache
Foundation would not help.
Correct with that ?
Can you tell a bit more ?
E.g. is there a comparison between the fields of the JNLP and the fields
of the certificate?
thanks
paul
Martin van den Bemt wrote:
Yep I used it on a regular base, although it's been a year or so,
since I last did this..
I just took the short path : (re) sign all the jars that go into a
webstarted application.
All signatures in a/each jnlp file should be the same. So eg if all
external dependencies are signed by the creator, you need to create a
seperate jnlp (include like) file per unique cert, which can kind of
suck from a release manager perspective.
So my preferred way is to just (re) sign everything with the same cert..
Mvgr,
Martin
Paul Libbrecht wrote:
Paul Libbrecht wrote:
I suppose that, with Java Web Start, the jar-signing mechanism may
request at least one authorization for each signing key...
Has anyone tested a java-web-start application where jars are from
different originators?
If, indeed as I fear, there are several requests for trust presented
to the user, I think ASF jar-signing would help nothing for JNLP
deployments...
paul
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
