www-infrastructure-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Thomas (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (INFRA-11020) Apache River Project - X509 code signing certificates for jar files
Date Mon, 30 May 2016 18:29:12 GMT

    [ https://issues.apache.org/jira/browse/INFRA-11020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15306873#comment-15306873
] 

Mark Thomas commented on INFRA-11020:
-------------------------------------

Expect some e-mails from Symantec and one from me with your enrollment password.

You should read the code signing sections of https://reference.apache.org/pmc/start and ask
here if you have any questions.

We can close this issue once you have completed a test signing. 

> Apache River Project - X509 code signing certificates for jar files
> -------------------------------------------------------------------
>
>                 Key: INFRA-11020
>                 URL: https://issues.apache.org/jira/browse/INFRA-11020
>             Project: Infrastructure
>          Issue Type: Planned Work
>          Components: Codesigning
>            Reporter: Peter Firmstone
>            Assignee: Mark Thomas
>            Priority: Minor
>
> Apache River is currently reliant on insecure protocols such as MD5 for jar file integrity
validation.  
> Apache River provides service implementations that have jar files that clients must download.
 If we sign these jar files, it will make it easier for users to make permission grants in
policy files.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message