I will ask the board about it -- probably can update my report.... Thanks. ~Roger
-----Original Message----- From: Sandro Martini [mailto:sandro.mart...@gmail.com] Sent: Thursday, September 12, 2013 1:06 AM To: Developers - Apache Pivot Subject: Update Pivot to New security requirements for RIAs in 7u51 Hi all, just seen this: New security requirements for RIAs in 7u51 (January 2014) https://blogs.oracle.com/java-platform-group/entry/new_security_requirem ents_for_rias luckily we have some time to update all our stuff for this :-) ... So in the meantime we have to choose how to publish Tutorials/Demos in the Web Site (if keep the current way, or if change). In detail: > Code signatures from a trusted authority. All code for Applets and Web Start applications must be signed, regardless of its Permissions attributes. now our signed jars are self-signed, we have to check if at least self-signed jars will continue to work ... because an Apache Sign Certificate is something that over last years arise many times but up to now it's not available ... anyway I think that with these changes in Java SE we have a strong reason for requesting it. Maybe with a Signer Apache Service on published (released) jars ? I have to ask ... Roger, could you ask something like this even to Board ? > Manifest Attributes we have to update our build process to include that info, at least in our Tutorials/Demos jars I'll open a jira issue to track this. Maybe an INFRA issue for the generic signing service infrastructure could be useful ... Comments, suggestions ? Bye, Sandro
