[ice-dev] Slides from the Symantec Signing talk

All,

I have the slides from the Symantec webcast about trusted, signed
certificates. The takeaway is that, for web-based Java apps, Java's
default security settings prohibit clients from running said apps if
they do not have a trusted, signed certificate that is not revoked.
These default restrictions came about over the course of several of the
76 updates to Java 7. Also, it's a really good idea to include
timestamps when signing with jarsigner.

Of course, they pitched their SSAS enterprise product to help manage the
certificates. It appears that SSAS only supports large enterprises like
Oracle, Apache, etc. at the moment, but they intend to release a similar
product to target smaller projects eventually.

From the looks of it (and my knowledge about this is limited), JAR and
ZIP files for Eclipse projects can be signed by committers "on its [the
Eclipse Foundation's] behalf".
http://wiki.eclipse.org/IT_Infrastructure_Doc#Sign_my_plugins.2FZIP_files.3F

Let me know if you'd like a copy of the slides.

Jordan
--
Jordan Deyton
Oak Ridge National Laboratory
Telephone: (865) 574-1091
Email: deytonjh@xxxxxxxx