On Thu, 8 Jul 2004, Dario V. Fassi wrote:
> Of course , anyone can sign postgresql.jar with their own certificate
> (or self signed certificate), but how in JavaWebStart the certificate
> is presented to the user for acceptance , will be better if the
> certificate belong to the official organization.
This makes sense, but isn't exactly an item that anyone else has been
begging for. Does it matter which developer signs it? Does it need to be
the same one every time? If yes, then we don't have that infrastructure
available at the moment and I don't see how to build it given the
looseness of our organization. If no, then why not just sign it yourself.
I guess I just fail to see the point of self signing.
> If the development group don't have a real certificate , since the
> development group is a non-profit organization, I think that Verising or
> any other certification authority can donate one.
I'll believe that when I see it.
Kris Jurka