In Pivot's case at least, I doubt that such a service would be a hardship. We wouldn't be signing the jars every time we build, but more like every time we release.
For what it's worth, in the Java apps I've written that required signed jars, the class loader complained if the jars weren't all signed with the same cert. Since Pivot's a library and not an application, that would imply that developers building apps against Pivot wouldn't want the jars to be signed by our cert at all. I've been going under the impression that we'd only sign the jars that serve our demos and tutorials on the web site -- *not* the jars that we release. -T On Mon, Dec 7, 2009 at 7:29 PM, William A. Rowe Jr. <[email protected]>wrote: > Greg Brown wrote: > > > >> I'd love to work with you and anyone else interested on the Java side to > map out the > >> details of this service and decide between several alternative options. > > > > I would be happy to help. Let me know how I can contribute. > > What I'd like to understand is if sending that built jar to a service, and > receiving > a signed jar back, is a hardship. I can imagine projects where there are > dozens of > jars to sign (commons comes to mind) where this would be difficult. What's > the > situation at the pivot project? >
