Setting up the keychain, signing the jars, and generating the JNLP are easy enough. I don't know if there's an "official" cert for Jakarta, though, or how the ASF Board would want to handle who has the password to it. Maybe Log4J would have its own? Would it make sense for the ASF to be a CA so it wouldn't have to pay Verisign/Thawte every year? That way the ASF could issue, for example, you a cert for signing Chainsaw, which would be backed by the "full faith and credit" of the ASF. (It would also make it much more managable if "you" turn out to abuse the cert and it needs to be revoked.)
-Jim Moore -----Original Message----- From: Paul Smith [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 17, 2003 6:30 PM To: Log4j-Dev (E-mail) Subject: Web start app & Certificates Hey all, Chainsaw v2 is not REALLY REALLY close to being feature rich for a release just yet, but it is getting reasonably close. This app is screaming to be deployable via a Web start app, but that involves the following, and will require some assistance in working through it: * Hosting of the Chainsaw v2 contents on a web server that knows how to handle the .jnlp mime type. Is the Jakarta server configured for this? * Signing of the chainsaw jar (and possibly the log4j-core jar too) - this requires a certificate, and the ability to sign the jar as part of the ant build script for deployment to the site. This is clearly a privileged operation, and will probably take some time to nut out the logistics. I'm a newbie in jar signing and Web-Startin', so perhaps someone with some experience could step in and guide us through. Could we open up this issue for dialog? I'm guessing it could take a while to organise, and I'd really like to have this happening in parallel with Chainsaw development. cheers, _________________________ Paul Smith Lawlex Compliance Solutions phone: +61 3 9278 1511 email: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
