> http://logging.apache.org/chainsaw/download.html - by clicking on the 'Java > Web Start' link, Chainsaw will download, install and run.. > > To update the version of Chainsaw we provide via Web Start, we need to sign > the jars, since Chainsaw writes to the local file system, can initiate > socket connections, etc, and Web Start only allows that if the jars are > signed and the person oks the access..It seems Apache should have a cert for > signing jars, instead of having to do this ourselves..
Is any pgp key fine to sign or should it be one with a trusted identiy, like "this software was developed by the ASF" and so on? --------------------------------------------------------------------- To unsubscribe, e-mail: log4j-dev-unsubscr...@logging.apache.org For additional commands, e-mail: log4j-dev-h...@logging.apache.org