We need a code signing certificate that is trusted by a root cert auth, and use that cert to sign the jars - I would prefer the ASF handle this.
See http://download.oracle.com/javase/6/docs/technotes/guides/javaws/developersguide/faq.html Scott On Tue, Oct 4, 2011 at 10:32 AM, Christian Grobmeier <grobme...@gmail.com>wrote: > > http://logging.apache.org/chainsaw/download.html - by clicking on the > 'Java > > Web Start' link, Chainsaw will download, install and run.. > > > > To update the version of Chainsaw we provide via Web Start, we need to > sign > > the jars, since Chainsaw writes to the local file system, can initiate > > socket connections, etc, and Web Start only allows that if the jars are > > signed and the person oks the access..It seems Apache should have a cert > for > > signing jars, instead of having to do this ourselves.. > > Is any pgp key fine to sign or should it be one with a trusted > identiy, like "this software was developed by the ASF" and so on? > > --------------------------------------------------------------------- > To unsubscribe, e-mail: log4j-dev-unsubscr...@logging.apache.org > For additional commands, e-mail: log4j-dev-h...@logging.apache.org > >
