* Charles Fry: >> In the meantime, it occurred to me that the certified key (including >> the private key) would have to be included in the source package, >> otherwise the package would fail to build from source. >> >> While I see nothing in Sun's form that requires us to keep the private >> key secret, publishing it still not be such a good idea. > > The key must be kept secret, otherwise it can't be trusted (i.e. people > could maliciously modify the code, and then sign their modifications).
And how would this be a problem? Keep in mind that it's apparently pretty easy to obtain your own certificate. (That's part of the reason why I still wonder why this signature is necessary.) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
