logging-general mailing list archives

From "Christian Grobmeier" <grobme...@gmail.com>
Subject Re: Java code signing cert needed
Date Mon, 21 Oct 2013 21:30:54 GMT
Hi Scott,

I just read through the discussion and I feel you have not got a reply
which we can be satisfied with.
If somebody had said: it's not possible because of $x, ok. But I could
not find any information on why code signing is not possible on Jira,
nor did I find any information on the wiki page.

Also I cannot understand why people are saying you are flaming. I feel
this was/is a valid request which was not handled.

I just added a comment on the Jira to back you.

However, my first idea was to wait to see if we receive an answer in the
next days.

If we do not receive an answer, we can ask Sam in private first if he
can advise us what to do.

After all I would like to put it into the next board report because this
issue blocks us. At least we need an answer if it works in general or if
it is not supported at

As I have understood from your mail it seems that infra can have some
kind of root certificate of which we could have a child certificate to
sign our software. It seems to be similar to what I have heard with
.NET applications.

Please let me know if my ideas work for you or if you would like to make
it somehow different.

On 21 Oct 2013, at 2:46, Scott Deboy wrote:

> Now that extras is released (with a re-release imminent), it's time to
> turn toward a release of Chainsaw.
> Chainsaw can be run via WebStart, which is the easiest way for people
> to start the app - click a link, accept the prompt, and Chainsaw is
> running.  Chainsaw's 'current' release is self-signed... a long time
> ago.
> Java 7U51, to be released January 14, will refuse to load code signed
> by a self-signed certificate.
> I requested a Java code signing certificate over two years ago via
> https://issues.apache.org/jira/browse/INFRA-3991.  It was promptly
> closed, and while there was a Wiki page created, nothing has happened
> since.
> I've reopened the Jira issue, but I think if Infra closes it again or
> doesn't offer to help, it's probably time to escalate this.  Is Sam
> Ruby still the Chair of Infra?  Should we talk to him?  Send something
> to the board?
> Two years is way too long to wait for Infra to be responsive...  Other
> folks (OpenOffice) also require code signing but probably have more
> complicated requirements.  Our Chainsaw build is simple, and Java code
> signing is driven by the build.  Infra just has to define their
> process for managing the certs and keys.
> Let me know what you folks think the appropriate next step is.
> Thanks,
> Scott

