logging-log4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ceki Gülcü <c...@qos.ch>
Subject RE: Web start app & Certificates - redux
Date Tue, 04 May 2004 14:30:42 GMT
At 11:27 PM 5/3/2004, you wrote:
>The last I heard from infrastructure was that JNLP is already added to the
>mime types on the webserver (standard setting now with most web servers I
>think).  However they do not give out the apache certificate, and for good
>reasons.

But will the ASF sign a certificate we present to them?

>So we don't have is a certificate.  I managed to get a free certificate
>under my work email address, and signed Chainsaw and dependand packages for
>internal use.  I could volunteer to use my apache email address for the
>signing...?  That would require of course that people downloading the signed
>jars via web start would have to 'trust' my email address.  I wonder if
>someone like Ceki's name might have more 'trustworthyness'..  But I am happy
>to sign the jars if that works for people.

Without a certificate chain, you can actually sign with my name, you can 
even sign as "The President of the United States of America."

>Alternatively there could be a Logging Service Certificate, but I am not
>sure how one would obtain something like that.  Probably costs a bit.

Do you know if the ASF have a certification policy? If it does, then we 
should follow it. If it doesn't, then we are left only with bad alternatives.

>cheers,
>
>Paul Smith

-- 
Ceki Gülcü

      For log4j documentation consider "The complete log4j manual"
      ISBN: 2970036908 http://www.qos.ch/shop/products/clm_t.jsp  



---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org


Mime
View raw message