A
Andy Dingley
I'm having a series of ructions with our on-site installation people,
re: JAR signing. It's a big app, big budget, and we have lots of
be-suited consultants running around on customer sites for long
periods. I live back in the coder's garret, making the product.
Sometimes they throw me the odd doughnut.
Basically they're reporting every bug and misconfiguration they can
find as being caused by our recent switch to JARs rather than loose
..class files, and in particular by these JARs being signed. It's a
self-generated key, without an X509 cert (at present).
Before I go postal with the +3 Lart-o-doom, can I please ask if there
are _ANY_ circumstances, no matter how perverse, where signing a JAR
could cause something to break? I know of nothing. Nada. Zilch.
One problem we have had was due to signing across two JARs having been
done by different keys. As the real problem here was trying to mix code
from product versions V1 and V2 (a big non-no anyway) then I see this
more as a feature than a bug. But try telling them that...
re: JAR signing. It's a big app, big budget, and we have lots of
be-suited consultants running around on customer sites for long
periods. I live back in the coder's garret, making the product.
Sometimes they throw me the odd doughnut.
Basically they're reporting every bug and misconfiguration they can
find as being caused by our recent switch to JARs rather than loose
..class files, and in particular by these JARs being signed. It's a
self-generated key, without an X509 cert (at present).
Before I go postal with the +3 Lart-o-doom, can I please ask if there
are _ANY_ circumstances, no matter how perverse, where signing a JAR
could cause something to break? I know of nothing. Nada. Zilch.
One problem we have had was due to signing across two JARs having been
done by different keys. As the real problem here was trying to mix code
from product versions V1 and V2 (a big non-no anyway) then I see this
more as a feature than a bug. But try telling them that...