OK understood. Not sure were do ask, but maybe infra has an idea if such a thing exists. If not, we might ask the board if we can buy something like that
On Tue, Oct 4, 2011 at 7:44 PM, Scott Deboy <scott.de...@gmail.com> wrote: > We need a code signing certificate that is trusted by a root cert auth, and > use that cert to sign the jars - I would prefer the ASF handle this. > > See > http://download.oracle.com/javase/6/docs/technotes/guides/javaws/developersguide/faq.html > > Scott > > > On Tue, Oct 4, 2011 at 10:32 AM, Christian Grobmeier <grobme...@gmail.com> > wrote: >> >> > http://logging.apache.org/chainsaw/download.html - by clicking on the >> > 'Java >> > Web Start' link, Chainsaw will download, install and run.. >> > >> > To update the version of Chainsaw we provide via Web Start, we need to >> > sign >> > the jars, since Chainsaw writes to the local file system, can initiate >> > socket connections, etc, and Web Start only allows that if the jars are >> > signed and the person oks the access..It seems Apache should have a cert >> > for >> > signing jars, instead of having to do this ourselves.. >> >> Is any pgp key fine to sign or should it be one with a trusted >> identiy, like "this software was developed by the ASF" and so on? >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: log4j-dev-unsubscr...@logging.apache.org >> For additional commands, e-mail: log4j-dev-h...@logging.apache.org >> > > -- http://www.grobmeier.de --------------------------------------------------------------------- To unsubscribe, e-mail: log4j-dev-unsubscr...@logging.apache.org For additional commands, e-mail: log4j-dev-h...@logging.apache.org
