Hi Omar, On Mon, Feb 20, 2012 at 8:56 AM, Omar Gonzalez <omarg.develo...@gmail.com> wrote: > ...RSL stands for runtime shared library. Portions of the Flex SDK are > compiled into .SWZ files that are(were) signed by Adobe. This would yield > two benefits, 1.) security and 2.) Flash Player RSL caching at a global > level (all domains), meaning all sites using a specific version of the Flex > SDK can be cached only once by a user. Because Adobe will no longer sign > Apache Flex RSLs we lose #2. Having Apache host RSLs would help us to > resolve #1 as Adobe will no longer host our RSLs...
Thanks for the explanation, so IIUC RSLs are binary files that are signed and hosted on http servers. Apache does have a mirroring structure (see http://www.apache.org/mirrors/ for example), so hosting is not a problem. Files released by Apache projects are usually signed using detached PGP signatures, see http://www.apache.org/dev/release-signing - a release manager signs the files, and the release is backed by a PMC vote, making it an act of the foundation. In the case of RSLs I assume signatures are checked by the client, what are the requirements for that? -Bertrand
