Our code signing cert expires on March 7th. With lots of help from
Pierre, I have gotten a new cert that's good until March of 2009. I've
freshly built and signed the following jars with it:
gallery/java/GalleryRemoteHTTPClient.jar
gallery/java/GalleryRemoteAppletMini.jar
gallery/java/GalleryRemoteApplet.jar
gallery/java/applet_img.jar
gallery2/modules/uploadapplet/applets/GalleryRemoteHTTPClient.jar
gallery2/modules/uploadapplet/applets/GalleryRemoteAppletMini.jar
gallery2/modules/uploadapplet/applets/applet_img.jar
gallery2/modules/slideshowapplet/applets/GalleryRemoteHTTPClient.jar
gallery2/modules/slideshowapplet/applets/GalleryRemoteAppletMini.jar
gallery2/modules/slideshowapplet/applets/applet_img.jar
I built these with Java 1.5 but the build system is set up to generate
JVM 1.3 compatible bytecode, so it should work on the majority of browsers.
The following jars HAVE NOT been signed:
gallery/java/metadata-extractor-2.1.jar
gallery2/modules/core/classes/GalleryStorage/g2_db2.jar
gallery2/modules/panorama/java/Metamorphose.jar
Of those it seems like we should probably sign the Metamorphose jar
since that's getting used as an applet. This applet is *not* signed
now. Do we have the source code? I decompiled it and inspected the
source and it looks safe to me but I'd like a second opinion before I
sign it with our name. Can somebody else be the second set of eyes?
thanks,
-Bharat
|
