Hi, On Wed, 2005-10-12 at 09:51 +0200, Michael Koch wrote: > This is a big field which needs even bigger investigation. The free > runtimes can load them but signed jars are still not supported (or was > this fixed lately...). Your best action would be to just test it with > kaffe or gcj or whatever and report any bugs you find. Signed jars can be loaded and the classes are assigned protection domains based on the found signatures. That doesn't mean all permission checks are done correctly or that access controller has been implemented correctly. We need to do an extensive security audit of the whole code base (compiler, runtime, core libraries) before trusting this kind of "sandboxing" to work as advertised. Cheers, Mark -- Escape the Java Trap with GNU Classpath! http://www.gnu.org/philosophy/java-trap.html Join the community at http://planet.classpath.org/
Attachment:
signature.asc
Description: This is a digitally signed message part