Menu
▾
▴
Re: [Jmol-developers] Important Java changes - January 2014
|
From: Nicolas V. <nve...@gm...> - 2013-10-31 22:56:07
|
Hi Bob, For a certificate from a trusted authority, you can get one from Certum for free as an open source developer. I got one about two weeks ago, and it seems to work ok. https://www.certum.eu/certum/cert,offer_en_open_source_cs.xml Nico On Thu, Oct 31, 2013 at 11:38 PM, Robert Hanson <ha...@st...> wrote: > I direct the discussion to > > > https://blogs.oracle.com/java-platform-group/entry/new_security_requirements_for_rias > > I believe this is the end of the unsigned Jmol Java applet along with > JSpecView and JME. > > In addition, I'm pretty sure our free-be signing will not pass muster as a > "trusted authority": > > RIAs must contain two things: > > 1. Code signatures from a trusted authority. All code for Applets and > Web Start applications must be signed, regardless of its Permissions > attributes. > 2. Manifest Attributes > 1. Permissions – Introduced in 7u25, and required as of 7u51. > Indicates if the RIA should run within the sandbox or require > full-permissions. > 2. Codebase – Introduced in 7u25 and optional/encouraged as of > 7u51. Points to the known location of the hosted code (e.g. > intranet.example.com) <http://intranet.example.com>. > > The latest upload of Jmol takes care of (2a). However, unless (2b) allows > > Codebase: * > > that's pretty much it for the signed applet as well. [Or maybe someone > goes into the business of making custom signed Jmol applets for people!] > > Suggestions? Comments? > > If deployment of the signed Jmol applet is of interest, we will need a > sponsor, because a certificate costs US$500/year. Let me know if you are > interested in being that sponsor. > > At least we have a two-month lead on this (and I am headed for a visit > with RCSB on Sunday). > > > Bob > > > > -- > Robert M. Hanson > Larson-Anderson Professor of Chemistry > St. Olaf College > Northfield, MN > http://www.stolaf.edu/people/hansonr > > > If nature does not answer first what we want, > it is better to take what answer we get. > > -- Josiah Willard Gibbs, Lecture XXX, Monday, February 5, 1900 > > > > ------------------------------------------------------------------------------ > Android is increasing in popularity, but the open development platform that > developers love is also attractive to malware creators. Download this white > paper to learn more about secure code signing practices that can help keep > Android apps secure. > http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk > _______________________________________________ > Jmol-developers mailing list > Jmo...@li... > https://lists.sourceforge.net/lists/listinfo/jmol-developers > > |