You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pivot.apache.org by "Sandro Martini (JIRA)" <ji...@apache.org> on 2014/11/17 17:50:33 UTC
[jira] [Commented] (PIVOT-920) Update Pivot to New security
requirements for RIAs in 7u51
[ https://issues.apache.org/jira/browse/PIVOT-920?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14214826#comment-14214826 ]
Sandro Martini commented on PIVOT-920:
--------------------------------------
Just received an email that say "Code signing service now available", so now Pivot PMC should ask to Infra keys to sign our artifacts.
We should be able to do this even for 2.0.5 (for 2.1.0 surely).
> Update Pivot to New security requirements for RIAs in 7u51
> -----------------------------------------------------------
>
> Key: PIVOT-920
> URL: https://issues.apache.org/jira/browse/PIVOT-920
> Project: Pivot
> Issue Type: New Feature
> Components: project, site
> Reporter: Sandro Martini
> Assignee: Sandro Martini
> Fix For: 2.1, 2.0.5
>
>
> As seen here ( https://blogs.oracle.com/java-platform-group/entry/new_security_requirements_for_rias ), we have to update our jars or users won't be able to run our Tutorials/Demos from the Web Site ... and even when running from related war files in our distribution.
> Note that for signed jars we have only a self-signed certificate, so we have to check with ASF if it's something that could be handled at Infra level (from a Build Server, or something that takes released jars and sign them ...). Note that the same apply even with pack200 version of our jars.
> Maybe a related issue for INFRA could be useful ...
> Some discussions here:
> http://apache-pivot-developers.417237.n3.nabble.com/Update-Pivot-to-New-security-requirements-for-RIAs-in-7u51-td4026251.html
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)