FYI Begin forwarded message:
> From: Greg Brown <gkbr...@mac.com> > Date: December 7, 2009 12:52:48 PM EST > To: "William A. Rowe Jr." <wr...@rowe-clan.net> > Cc: Apache Infrastructure <infrastruct...@apache.org>, > priv...@incubator.apache.org, Apache Security Response Team > <secur...@apache.org> > Subject: Re: Summary of projects with client-side .jar's? > > Coincidentally, this question just came up on the Pivot dev list: > > http://mail-archives.apache.org/mod_mbox/incubator-pivot-dev/200912.mbox/%3ce682545b-ed8c-42f6-834a-653a5385c...@mac.com%3e > > Most Pivot applications run client-side, so this discussion is definitely of > interest to us. > > Greg > > > On Dec 7, 2009, at 12:35 PM, William A. Rowe Jr. wrote: > >> Had a call last Friday with Verisign with respect to code signing >> which I'll write up shortly after I work out one detail with them. >> I also bounced one question of Mark Thomas. >> >> Mark pointed out that the only place code signing is terribly >> interesting right now is deploying client-side .jar's. Can anyone >> offer some insight into which projects that do so? This might be >> interesting to the security team as well, in terms of tracking which >> of the projects objects are deployed unbeknownst to the actual user. >> >> >
