Hi, On Fri, 2003-09-05 at 10:32, WJCarpenter wrote: > Is there any kind of ASF policy about signing JAR files that are made > available for download? For most downloads, there is a companion file > with some overall signature to prove the authenticity of the download, > but in the particular case of Java JAR files, that leaves a piece of > the pie undone.
</snip> There is definately every intention of signing the Jar's. One of the Log4j companion utilities, Chainsaw, will be delivered using Java Web Start, and that will pretty much require Jar signing much the same way you describe applets and how they complain. Hopefully we will be able to organise the bits and pieces before the 1.3 release, but maybe not in time. Thanks for prodding me about this, I need to get started on organising this again. cheers, Paul Smith --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
