commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin van den Bemt <>
Subject Re: [all] jar signing with jarsigner
Date Sat, 11 Mar 2006 14:50:07 GMT
Yep I used it on a regular base, although it's been a year or so, since I last did this..
I just took the short path : (re) sign all the jars that go into a webstarted application.
All signatures in a/each jnlp file should be the same. So eg if all external dependencies
are signed 
by the creator, you need to create a seperate jnlp (include like) file per unique cert, which
kind of suck from a release manager perspective.
So my preferred way is to just (re) sign everything with the same cert..


Paul Libbrecht wrote:
> Paul Libbrecht wrote:
>> I suppose that, with Java Web Start, the jar-signing mechanism may 
>> request at least one authorization for each signing key...
> Has anyone tested a java-web-start application where jars are from 
> different originators?
> If, indeed as I fear, there are several requests for trust presented to 
> the user, I think ASF jar-signing would help nothing for JNLP 
> deployments...
> paul
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message