pivot-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sandro Martini (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (PIVOT-920) Update Pivot to New security requirements for RIAs in 7u51
Date Thu, 24 Apr 2014 12:45:16 GMT

    [ https://issues.apache.org/jira/browse/PIVOT-920?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13979648#comment-13979648
] 

Sandro Martini edited comment on PIVOT-920 at 4/24/14 12:44 PM:
----------------------------------------------------------------

Note that even without changes in our build (to include new attributes in the manifest inside
any jar files, and use the signed version of jars, etc) a workaround is to add http://pivot.apache.org
in Site exception list under the Tab Security in the Java Control Panel (at least in Windows).

Finally, check if it makes sense now to use in Tutorials and Demos the unsigned version of
our jars (and copy inside generated war files) ...

Note that the signing certificate that we use is self-signed so I'm not sure we could resolve
this issue without some help from Infra. After some small local changes (but still not committed)
Applets doesn't work because updated JRE 7 block them.

Some info here:
http://www.java.com/en/download/help/appsecuritydialogs.xml#selfsigned


was (Author: smartini):
Note that even without changes in our build (to include new attributes in the manifest inside
any jar files, and use the signed version of jars, etc) a workaround is to add http://pivot.apache.org
in Site exception list under the Tab Security in the Java Control Panel (at least in Windows).

Finally, check if it makes sense now to use in Tutorials and Demos the unsigned version of
our jars (and copy inside generated war files) ...

Note that the signing certificate that we use is self-signed so I'm not sure we could resolve
this issue without some help from Infra. After some small local changes (but still not committed)
Applets doesn't work because updated JRE 7 block them.

> Update Pivot to New security requirements for RIAs in 7u51 
> -----------------------------------------------------------
>
>                 Key: PIVOT-920
>                 URL: https://issues.apache.org/jira/browse/PIVOT-920
>             Project: Pivot
>          Issue Type: New Feature
>          Components: project, site
>            Reporter: Sandro Martini
>            Assignee: Sandro Martini
>             Fix For: 2.0.4, 2.1
>
>
> As seen here ( https://blogs.oracle.com/java-platform-group/entry/new_security_requirements_for_rias
), we have to update our jars or users won't be able to run our Tutorials/Demos from the Web
Site ... and even when running from related war files in our distribution.
> Note that for signed jars we have only a self-signed certificate, so we have to check
with ASF if it's something that could be handled at Infra level (from a Build Server, or something
that takes released jars and sign them ...). Note that the same apply even with pack200 version
of our jars.
> Maybe a related issue for INFRA could be useful ...
> Some discussions here:
> http://apache-pivot-developers.417237.n3.nabble.com/Update-Pivot-to-New-security-requirements-for-RIAs-in-7u51-td4026251.html



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message