The last I heard from infrastructure was that JNLP is already added to the mime types on the webserver (standard setting now with most web servers I think). However they do not give out the apache certificate, and for good reasons.
But will the ASF sign a certificate we present to them?
So we don't have is a certificate. I managed to get a free certificate under my work email address, and signed Chainsaw and dependand packages for internal use. I could volunteer to use my apache email address for the signing...? That would require of course that people downloading the signed jars via web start would have to 'trust' my email address. I wonder if someone like Ceki's name might have more 'trustworthyness'.. But I am happy to sign the jars if that works for people.
Without a certificate chain, you can actually sign with my name, you can even sign as "The President of the United States of America."
Alternatively there could be a Logging Service Certificate, but I am not sure how one would obtain something like that. Probably costs a bit.
Do you know if the ASF have a certification policy? If it does, then we should follow it. If it doesn't, then we are left only with bad alternatives.
cheers,
Paul Smith
-- Ceki G�lc�
For log4j documentation consider "The complete log4j manual"
ISBN: 2970036908 http://www.qos.ch/shop/products/clm_t.jsp
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
