FYI Begin forwarded message:
> From: Greg Brown <[email protected]> > Date: December 7, 2009 12:52:48 PM EST > To: "William A. Rowe Jr." <[email protected]> > Cc: Apache Infrastructure <[email protected]>, > [email protected], Apache Security Response Team > <[email protected]> > Subject: Re: Summary of projects with client-side .jar's? > > Coincidentally, this question just came up on the Pivot dev list: > > http://mail-archives.apache.org/mod_mbox/incubator-pivot-dev/200912.mbox/%[email protected]%3e > > Most Pivot applications run client-side, so this discussion is definitely of > interest to us. > > Greg > > > On Dec 7, 2009, at 12:35 PM, William A. Rowe Jr. wrote: > >> Had a call last Friday with Verisign with respect to code signing >> which I'll write up shortly after I work out one detail with them. >> I also bounced one question of Mark Thomas. >> >> Mark pointed out that the only place code signing is terribly >> interesting right now is deploying client-side .jar's. Can anyone >> offer some insight into which projects that do so? This might be >> interesting to the security team as well, in terms of tracking which >> of the projects objects are deployed unbeknownst to the actual user. >> >> >
