Resend after subscribing to the
list.
-------- Original Message --------
On 21/11/2013 5:27 AM, Tom Decsi
wrote:
Recently I started working as a java
consultant for ASML, where I’ve been assigned to web start
(jnlp) application.
It came to my understanding that Oracle
planned a JRE v 7 update 45 release for 14/01/2014.
Therefore I need to update all jar manifest
entries and sign the jar libraries used by this application.
However, we use an eclipse library in our applications which
is already signed. (org.eclipse.persistence.moxy-2.4.0.jar)
but in order to comply with the j7u45 security policies, we
need to sign all jars in a single jnlp with the same signature
so hence my question ;
Am I allowed to unsign this jar and resign
it with our own certificate? I can’t seem to find anything
about this topic in the Eclipse Public License, under which
this jar is distributed.
Could you point me to a legal notice with
more information about this topic? Surely I am not the only
one facing this issue …
Tom,
The conversation on this issue is happening on
bug
416870[1] Could I please ask that you restate your question
there? I think it would be good for the discussion there to have
the viewpoint of someone who is actually dealing with the issue.
I've also cc'd the eclipselink-users list, as the development team
there is responsible for the moxy component.
As for re-signing the JAR, I think that's okay, but I will
double-check and get back to you.
[1]
https://bugs.eclipse.org/bugs/show_bug.cgi?id=416870
--
Mike Milinkovich
mike.milinkovich@xxxxxxxxxxx
+1.613.220.3223