river-dev mailing list archives

From Peter Firmstone <j...@zeus.net.au>
Subject Re: Service API, class visibility, isolation and garbage collection - ClassLoaders
Date Tue, 22 Jun 2010 11:37:36 GMT
Peter Firmstone wrote:
> We can base Codebase trust on:
>   1. Certificates[]  "Who wrote it?"
>   2. CodeSource "Who wrote it and the name of the Codebase?"
Just a minor clarification: a CodeSource object's state is the URL and 
the signer Certificates[], so it's currently "Who signed it, where it 
comes from and its name". I'd like to change that to "Who signed it, 
what's its name and version". Let's hope the original developer signs it 
or the people who do sign it can "vet the code" so we can equate 
developers with Certificates[].  I'd like to take location out of the 
equation for systems like Maven and OSGi.
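
The current behaviour described in the message above, as an added illustration that is not part of the original message or of River's code: `java.security.CodeSource` ties identity to the URL as well as the signer certificates, while a `CodeSource` with a null location matches on signer alone. `StubCert`, the signer names and the file paths are constructed for the example.

```java
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.CodeSource;
import java.security.PublicKey;
import java.security.cert.Certificate;

public class CodeSourceLocationDemo {
    // Constructed stand-in for a signer certificate; equality is decided by getEncoded().
    static final class StubCert extends Certificate {
        private final byte[] encoded;
        StubCert(String signer) {
            super("X.509");
            encoded = signer.getBytes(StandardCharsets.UTF_8);
        }
        @Override public byte[] getEncoded() { return encoded.clone(); }
        @Override public void verify(PublicKey key) { }
        @Override public void verify(PublicKey key, String sigProvider) { }
        @Override public PublicKey getPublicKey() { return null; }
        @Override public String toString() { return "StubCert"; }
    }

    public static void main(String[] args) throws Exception {
        Certificate[] dev = { new StubCert("developer") };
        Certificate[] other = { new StubCert("someone-else") };
        // Constructed paths: the same jar published at two locations.
        URL origin = URI.create("file:/srv/codebase/service-dl.jar").toURL();
        URL mirror = URI.create("file:/srv/mirror/service-dl.jar").toURL();

        CodeSource atOrigin = new CodeSource(origin, dev);
        CodeSource atMirror = new CodeSource(mirror, dev);
        // Same signer, different URL: two distinct identities today.
        System.out.println("equal across locations:     " + atOrigin.equals(atMirror));
        System.out.println("origin grant covers mirror: " + atOrigin.implies(atMirror));

        // A null location matches any URL, so only the signer is compared.
        CodeSource signerOnly = new CodeSource(null, dev);
        System.out.println("signer-only covers origin:  " + signerOnly.implies(atOrigin));
        System.out.println("signer-only covers mirror:  " + signerOnly.implies(atMirror));

        // A different signer at the original URL is not covered by the signer-only grant.
        CodeSource otherSigner = new CodeSource(origin, other);
        System.out.println("signer-only covers other:   " + signerOnly.implies(otherSigner));
    }
}
```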


