Re: JCE Code Signing Certificate

To: Charles Fry <debian@frogcircus.org>
Cc: debian-security@lists.debian.org, debian-java@lists.debian.org
Subject: Re: JCE Code Signing Certificate
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 04 Oct 2005 20:56:08 +0200
Message-id: <[🔎] 87mzlp862f.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 20051004181058.GW2949@true> (Charles Fry's message of "Tue, 4 Oct 2005 14:10:58 -0400")
References: <20050930170443.GL2949@true> <[🔎] 20051004181058.GW2949@true>

* Charles Fry:

> I should also point out that this JCE Code Signing Certificate is
> necessary not only to allow libbcprov-java to be used as a trusted
> security provider, but also for me to package bcmail, bctsp, and bcpg
> which are also part of Bouncy Castle. I can currently build all of them,
> but the regression tests fail as the resulting jars need to be signed.
>
> Can someone please comment on how we should proceed to obtain a JCE Code
> Signing Certificate for Debian?

Why can't we just install a trusted certificate in our own packages?

It's not clear to me who should own the private key corresponding to
the certificate, either.  Perhaps you could explain why this
certificate is needed?  Hopefully, the rest follows from that.

Reply to:

Follow-Ups:
- Re: JCE Code Signing Certificate
  - From: Charles Fry <debian@frogcircus.org>

References:
- Re: JCE Code Signing Certificate
  - From: Charles Fry <debian@frogcircus.org>

Prev by Date: Re: JCE Code Signing Certificate
Next by Date: Aleksander Sobol : nie ma mnie w pracy.
Previous by thread: Re: JCE Code Signing Certificate
Next by thread: Re: JCE Code Signing Certificate
Index(es):
- Date
- Thread