For "Trusted Java applications" and "J2EE Client applications" , any jar deployed with (or part of) the application must be signed.
For JavaWebStart applications , if you need to deploy the postgresql.jar as a component of the application , then must be signed, otherwise all the application is considered "Not trusted".
Of course , anyone can sign postgresql.jar with their own certificate (or self signed certificate), but how in JavaWebStart the certificate is presented to the user for acceptance , will be better if the certificate belong to the official organization.
If the development group don't have a real certificate , since the development group is a non-profit organization, I think that Verising or any other certification authority can donate one.
Kris Jurka wrote:
On Thu, 8 Jul 2004, Dario V. Fassi wrote:
It's available a Signed Version of postgresql.jar ?
No, but why would you want one? As I understand it signed jar files are
only useful in a sandboxed environment where access to protected resources
is desired. The postgresql jar file itself is useless without an
application calling it so the application should include the
postgresql.jar file and be signed, not the pg jar file.
Further as the driver is maintained by unrelated volunteers there are
problems because no one individual is in charge of producing the jar
files and there is no certificate chain available from someone like
Verisign.
Kris Jurka
--
Dario V. FassiSISTEMATICA ingenieria de software srl
Ituzaingo 1628 (2000) Rosario, Santa Fe, Argentina.
Tel / Fax: +54 (341) 485.1432 / 485.1353
