Return-Path: 
 <users-return-14801-apmail-felix-users-archive=felix.apache.org@felix.apache.org>
X-Original-To: apmail-felix-users-archive@minotaur.apache.org
Delivered-To: apmail-felix-users-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id ADA71100F2
	for <apmail-felix-users-archive@minotaur.apache.org>;
 Wed, 16 Oct 2013 12:40:58 +0000 (UTC)
Received: (qmail 79440 invoked by uid 500); 16 Oct 2013 12:40:55 -0000
Delivered-To: apmail-felix-users-archive@felix.apache.org
Received: (qmail 79352 invoked by uid 500); 16 Oct 2013 12:40:54 -0000
Mailing-List: contact users-help@felix.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@felix.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@felix.apache.org>
List-Post: <mailto:users@felix.apache.org>
List-Id: <users.felix.apache.org>
Reply-To: users@felix.apache.org
Delivered-To: mailing list users@felix.apache.org
Received: (qmail 79344 invoked by uid 99); 16 Oct 2013 12:40:54 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Oct 2013 12:40:54 +0000
X-ASF-Spam-Status: No, hits=1.5 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of karlpauls@gmail.com
 designates 209.85.212.172 as permitted sender)
Received: from [209.85.212.172] (HELO mail-wi0-f172.google.com)
 (209.85.212.172)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Oct 2013 12:40:50 +0000
Received: by mail-wi0-f172.google.com with SMTP id ez12so3101538wid.5
        for <users@felix.apache.org>; Wed, 16 Oct 2013 05:40:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :content-type;
        bh=UOduJkc737plxTx8EZ6SJRHEBB/ZxGDv6578TwDyvd0=;
        b=TNFZod2Tx0giSddL5ZqJsjGlraMOF2meAgUgyyQ/Ef1cGvy/agvKWo1QtF1TYTBWRd
         hffHvQwiz3t64W6wP864NQQFVHyGYw9nJ6+/TL+N3OTItd8aLB4j+kQuWDTdpRKSsr4r
         5HnDXC2xvB4obTKjy4HC8tizPBvp99hHqbFCK6aSCUGuPiO14m90COK2JICkWQylBgJ9
         SodB9AsXstw0XR+cYFhT7/nQpwqpWK5tx+CuMAzMk7xGEwPuDvWnI5m/8YJXiq/BGC1y
         tLEdzH2DTiw0Y2BijihbX5/rJA6k0SYl85z47HJZwvY4yN+tlaU2RcDBnpK0xoiOE0cW
         gtjA==
X-Received: by 10.180.73.40 with SMTP id i8mr24111174wiv.37.1381927228785;
 Wed, 16 Oct 2013 05:40:28 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.217.92.197 with HTTP; Wed, 16 Oct 2013 05:40:08 -0700 (PDT)
In-Reply-To: 
 <CAMVFPxJL8agphFydqa8pgCj=kTC6YZQd95qjh-LwVRqte1arMQ@mail.gmail.com>
References: 
 <CAMVFPxJLq2+0VWbKgOjFGLh=c3d-KqodKrj--+Z5twMWe57d3g@mail.gmail.com>
 <52578C22.7030207@ascert.com>
 <CAMVFPxK5ve8AaR=tEKeWVpfZjo9TLmu6FgYfyBw8H+_RYbXxjw@mail.gmail.com>
 <1648002191.4740629.1381516974756.JavaMail.zimbra@ascert.com>
 <CAMVFPxLvsO2ZN-8fyQ+joW3Q=Xyw+N4Ynsx0kLcKKReitAAjgQ@mail.gmail.com>
 <280226453.4745236.1381518036897.JavaMail.zimbra@ascert.com>
 <CAMVFPxJL8agphFydqa8pgCj=kTC6YZQd95qjh-LwVRqte1arMQ@mail.gmail.com>
From: Karl Pauls <karlpauls@gmail.com>
Date: Wed, 16 Oct 2013 14:40:08 +0200
Message-ID: 
 <CAJnwQNi0jugF4HJe3Rti_dpGG99dafjj10fK-x7WuKLnD5Ue1w@mail.gmail.com>
Subject: Re: Security Warning: Felix with Java Web Start
To: "users@felix.apache.org" <users@felix.apache.org>
Content-Type: multipart/alternative; boundary=f46d0438907d93cc2b04e8db0184
X-Virus-Checked: Checked by ClamAV on apache.org

--f46d0438907d93cc2b04e8db0184
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

it would be really helpful if you could provide me with a failing toy
example...

regards,

Karl


On Wed, Oct 16, 2013 at 2:37 PM, Cesar Souza <cesar@animati.com.br> wrote:

> Hi guys
>
> We are facing a big problem, our software cannot run under Java 7
> update 45 due to the problem that I reported here.
> Please, can you raise the priority of the issue on Jira ?
>
> On Fri, Oct 11, 2013 at 4:00 PM, Rob Walker <robw@ascert.com> wrote:
> > Will def update the issue with anything I find.
> > Our examples are anything but small though - very hard to split stuff
> out, 40+ bundles and a ton of our own app code plus off the shelf libs.
> > Will report back with findings though!
> > - Rob
> >
> >
> > ----- Original Message -----
> >
> > From: "Cesar Souza" <cesar@animati.com.br>
> > To: users@felix.apache.org
> > Sent: Friday, 11 October, 2013 8:55:50 PM
> > Subject: Re: Security Warning: Felix with Java Web Start
> >
> > Thanks, Rob
> >
> > If you have a small example, please attach it to the Jira issue that
> > I've just created.
> >
> > https://issues.apache.org/jira/browse/FELIX-4281
> >
> > On Fri, Oct 11, 2013 at 3:42 PM, Rob Walker <robw@ascert.com> wrote:
> >> I have J7u40, but I haven't tested the WebStart aspect since updating.
> Quite possible it will hit the same problem, saw the warnings in the
> release notes. Will give it a try next week if I get a chance and report
> back
> >> - Rob
> >>
> >> ----- Original Message -----
> >>
> >> From: "Cesar Souza" <cesar@animati.com.br>
> >> To: users@felix.apache.org
> >> Sent: Friday, 11 October, 2013 6:52:26 PM
> >> Subject: Re: Security Warning: Felix with Java Web Start
> >>
> >> Hi Rob
> >>
> >> I have already verified all jars in my application.
> >> Are you using the Java 7 update 40 with your web start application ??
> >>
> >> Is there a way to turn on the debug log in Felix?
> >> Maybe I can see what resource is causing the security warning.
> >>
> >> On Fri, Oct 11, 2013 at 2:26 AM, Rob Walker <robw@ascert.com> wrote:
> >>> That seems to imply at least one of the JARs or bundles being loaded
> isn't
> >>> signed - probably worth a re-check on all JARs to make sure everythin=
g
> is
> >>> signed.
> >>>
> >>> We also use a launcher, and WebStart Felix. Our production build we
> signs
> >>> everything and we don't see that message - but in development, where =
we
> >>> don't sign, we do get it.
> >>>
> >>> I think I remember reading the latest Java versions are progressively
> >>> locking down the running of unsigned JARs, which is causing some
> >>> controversy.
> >>>
> >>> -- Rob
> >>>
> >>>
> >>> On 10/10/2013 9:37 PM, Cesar Souza wrote:
> >>>>
> >>>> Hi
> >>>>
> >>>> I have a valid certificate and I already successfully signed a Java
> >>>> Web Start application. So, there is no problem with the certificate =
or
> >>>> the process to sign my applications.
> >>>> But now I am trying to sign another application that uses Felix. The=
re
> >>>> is a launcher and all the libraries are in a remote directory, all
> >>>> them signed, accessed through a web server.
> >>>> When I launch the application everything is OK until the execution o=
f
> >>>> the Felix's init method. In this moment a dialog appears and show th=
e
> >>>> following message:
> >>>> -----------------------------------
> >>>> "Security Warning
> >>>>
> >>>> Do you want to run this application?
> >>>> An unsigned application from the location below is requesting
> permission
> >>>> to run.
> >>>>
> >>>> Running unsigned applications like this will be blocked in a future
> >>>> release because it is potentially unsafe and a security risk."
> >>>> -----------------------------------
> >>>>
> >>>> Is this a Felix's security problem ?
> >>>> Thanks for helping me.
> >>>>
> >>>> --------------------------------------------------------------------=
-
> >>>> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
> >>>> For additional commands, e-mail: users-help@felix.apache.org
> >>>>
> >>>
> >>> --
> >>>
> >>>
> >>> Ascert - Taking systems to the edge
> >>> robw@ascert.com
> >>> +27 21 300 2028 ext 5119
> >>> www.ascert.com
> >>>
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
> >>> For additional commands, e-mail: users-help@felix.apache.org
> >>>
> >>
> >>
> >>
> >> --
> >> atenciosamente,
> >> Cesar Souza
> >>
> >> Animati Computa=E7=E3o Aplicada
> >> Santa Maria, RS - (55) 3286 4010
> >> http://animati.com.br
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
> >> For additional commands, e-mail: users-help@felix.apache.org
> >>
> >>
> >
> >
> >
> > --
> > atenciosamente,
> > Cesar Souza
> >
> > Animati Computa=E7=E3o Aplicada
> > Santa Maria, RS - (55) 3286 4010
> > http://animati.com.br
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
> > For additional commands, e-mail: users-help@felix.apache.org
> >
> >
>
>
>
> --
> atenciosamente,
> Cesar Souza
>
> Animati Computa=E7=E3o Aplicada
> Santa Maria, RS - (55) 3286 4010
> http://animati.com.br
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
> For additional commands, e-mail: users-help@felix.apache.org
>
>


--=20
Karl Pauls
karlpauls@gmail.com
http://twitter.com/karlpauls
http://www.linkedin.com/in/karlpauls
https://profiles.google.com/karlpauls

--f46d0438907d93cc2b04e8db0184--