commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin van den Bemt <mll...@mvdb.net>
Subject Re: [all] jar signing with jarsigner
Date Sat, 11 Mar 2006 14:50:07 GMT
Yep I used it on a regular base, although it's been a year or so, since I last did this..
I just took the short path : (re) sign all the jars that go into a webstarted application.
All signatures in a/each jnlp file should be the same. So eg if all external dependencies
are signed 
by the creator, you need to create a seperate jnlp (include like) file per unique cert, which
can 
kind of suck from a release manager perspective.
So my preferred way is to just (re) sign everything with the same cert..


Mvgr,
Martin

Paul Libbrecht wrote:
> Paul Libbrecht wrote:
> 
>> I suppose that, with Java Web Start, the jar-signing mechanism may 
>> request at least one authorization for each signing key...
> 
> 
> Has anyone tested a java-web-start application where jars are from 
> different originators?
> If, indeed as I fear, there are several requests for trust presented to 
> the user, I think ASF jar-signing would help nothing for JNLP 
> deployments...
> 
> paul
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
> 
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message