On May 31, 2012, at 7:39 AM, Henri Gomez <[email protected]> wrote:
>> CA certificate management is non-trivial matter. Right now it's >> pretty much orthogonal to OpenJDK development, and it's something >> for downstream distributors to handle. >> >> Personally, I'd like to keep it that way for OpenJDK 7 updates as >> I don't see the need for doing it in this Project, given that OpenJDK >> 7u distributors as well as organizations building their own JDKs >> based on OpenJDK 7u typically have their own ways of managing CA >> certificates in place specific to their needs. > > My question wasn't clear. > cacerts inclusion for OSX was at packaging level, ie like those I > didn't on openjdk-osx-build, so after stock OpenJDK build process. Henri, I think this is something you would have to bring up with Apple. The cacerts file in Apple's JDK was generated from the certificates in the 'System Roots' keychain (or, it was the last time I was responsible for doing it), so you may not have the legal right to redistribute it. As usual, there are no lawyers here. As Dalibor says, each JDK distributor or licensee is responsible for obtaining their own root certificates, and in Apple's case, they are already distributed via the OS, so the JDK was covered by those licenses. -- Scott K. ---------------------------------------- Scott Kovatch [email protected] Santa Clara/Pleasanton, CA
