[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
[ice-dev] Slides from the Symantec Signing talk
|
All,
I have the slides from the Symantec webcast about trusted, signed
certificates. The takeaway is that, for web-based Java apps, Java's
default security settings prohibit clients from running said apps if
they do not have a trusted, signed certificate that is not revoked.
These default restrictions came about over the course of several of the
76 updates to Java 7. Also, it's a really good idea to include
timestamps when signing with jarsigner.
Of course, they pitched their SSAS enterprise product to help manage the
certificates. It appears that SSAS only supports large enterprises like
Oracle, Apache, etc. at the moment, but they intend to release a similar
product to target smaller projects eventually.
From the looks of it (and my knowledge about this is limited), JAR and
ZIP files for Eclipse projects can be signed by committers "on its [the
Eclipse Foundation's] behalf".
http://wiki.eclipse.org/IT_Infrastructure_Doc#Sign_my_plugins.2FZIP_files.3F
Let me know if you'd like a copy of the slides.
Jordan
--
Jordan Deyton
Oak Ridge National Laboratory
Telephone: (865) 574-1091
Email: deytonjh@xxxxxxxx