river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter <j...@zeus.net.au>
Subject Re: [jira] [Updated] (INFRA-11020) Apache River Project - X509 code signing certificates for jar files
Date Sun, 29 May 2016 03:43:28 GMT
Thanks Mark,

Fortunate timining, we'll have some new release artifacts ready again 
shortly...  and will able to release them signed.

Peter.

On 27/05/2016 6:36 PM, Mark Thomas (JIRA) wrote:
>       [ https://issues.apache.org/jira/browse/INFRA-11020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
>
> Mark Thomas updated INFRA-11020:
> --------------------------------
>      Status: Waiting for user  (was: Waiting for Infra)
>
> The code signing service has now been renewed.
>
> If the River PMC still wants to go ahead with this let me know and I'll start the process
of setting the PMC up for code signing. Peter will be the initial PoC and once set up he will
be able to add additional PMC members.
>
>> Apache River Project - X509 code signing certificates for jar files
>> -------------------------------------------------------------------
>>
>>                  Key: INFRA-11020
>>                  URL: https://issues.apache.org/jira/browse/INFRA-11020
>>              Project: Infrastructure
>>           Issue Type: Planned Work
>>           Components: Codesigning
>>             Reporter: Peter Firmstone
>>             Assignee: Mark Thomas
>>             Priority: Minor
>>
>> Apache River is currently reliant on insecure protocols such as MD5 for jar file
integrity validation.
>> Apache River provides service implementations that have jar files that clients must
download.  If we sign these jar files, it will make it easier for users to make permission
grants in policy files.
>
>
> --
> This message was sent by Atlassian JIRA
> (v6.3.4#6332)
>


Mime
View raw message