
Re: JCE Code Signing Certificate



> > This is a big field which needs even bigger investigation. The free
> > runtimes can load them but signed jars are still not supported (or was
> > this fixed lately...). Your best action would be to just test it with
> > kaffe or gcj or whatever and report any bugs you find.
> 
> In the meantime, it occurred to me that the certified key (including
> the private key) would have to be included in the source package,
> otherwise the package would fail to build from source.
> 
> While I see nothing in Sun's form that requires us to keep the private
> key secret, publishing it would still not be such a good idea.

The key must be kept secret, otherwise it can't be trusted (i.e. people
could maliciously modify the code, and then sign their modifications).
How to best architect this into Debian is another question...

Charles

-- 
Substitutes
Can let you down
Quicker
Than a
Strapless gown
Burma-Shave
http://burma-shave.org/jingles/1955/substitutes
