You are viewing a plain text version of this content. The canonical link for it is here.

Posted to infrastructure-issues@apache.org by "#asfinfra Bot (JIRA)" <ji...@apache.org> on 2016/07/12 07:45:21 UTC

[jira] [Updated] (INFRA-11020) Apache River Project - X509 code signing certificates for jar files

     [ https://issues.apache.org/jira/browse/INFRA-11020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

#asfinfra Bot updated INFRA-11020:
----------------------------------

Hi, 

This issue has not been updated for at least 3 days, and is being marked as 'Pending Closed'. 
  
In 5 days this issue will be automatically closed if no further updates are received. 


-- 
Cheers,
Apache Infrastructure Team

> Apache River Project - X509 code signing certificates for jar files
> -------------------------------------------------------------------
>
>                 Key: INFRA-11020
>                 URL: https://issues.apache.org/jira/browse/INFRA-11020
>             Project: Infrastructure
>          Issue Type: Planned Work
>          Components: Codesigning
>            Reporter: Peter Firmstone
>            Assignee: Mark Thomas
>            Priority: Minor
>
> Apache River is currently reliant on insecure protocols such as MD5 for jar file integrity validation.  
> Apache River provides service implementations that have jar files that clients must download.  If we sign these jar files, it will make it easier for users to make permission grants in policy files.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)