I should also point out that this JCE Code Signing Certificate is necessary not only to allow libbcprov-java to be used as a trusted security provider, but also for me to package bcmail, bctsp, and bcpg which are also part of Bouncy Castle. I can currently build all of them, but the regression tests fail as the resulting jars need to be signed. Can someone please comment on how we should proceed to obtain a JCE Code Signing Certificate for Debian? thanks, Charles -----Original Message----- > From: Charles Fry <debian@frogcircus.org> > Subject: JCE Code Signing Certificate > Date: Fri, 30 Sep 2005 13:04:43 -0400 > To: debian-security@lists.debian.org > Cc: debian-java@lists.debian.org > Old-Return-Path: <cfry@mail.frogcircus.org> > > Now that BouncyCastle[1] has been packaged for Debian[2], it is time for > us to move forward with Arnaud's suggestion[3] that we obtain a JCE Code > Signing Certificate[4] for Debian, in order to vouch for this and other > JCE Security Providers that Debian may provide. > > The process is fairly straight-forward, as outlined in [4]. Having no > previous experience with anything similar, I assume that this should be > handled by the Security Team. > > I am hoping that someone on one of these lists will know the proper way > to proceed from here. :-) > > cheers, > Charles > > 1. http://www.bouncycastle.org/ > 2. http://packages.debian.org/unstable/libs/libbcprov-java > 3. http://lists.debian.org/debian-java/2004/04/msg00014.html > 4. http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/HowToImplAJCEProvider.html#Step%205 > > -- > Why does a chicken > Cross the street? > She sees a guy > She'd like to meet > He uses > Burma-Shave > http://burma-shave.org/jingles/1945/why_does_a -- Within this vale Of toil And sin Your head grows bald But not your chin -- Use Burma-Shave http://burma-shave.org/jingles/1943/within_this_vale
Attachment:
signature.asc
Description: Digital signature