Secure Coding mailing list archives

Code signing and Java Web Start

From: Mona Wong-Barnum <mona () ncmir ucsd edu>
Date: Thu, 26 Feb 2004 02:45:04 +0000

Hi:

        I am asking for opinions on the issue of code signing and Java Web 
Start.
        
        We are about to have a meeting on this issue and I need some ammunition 
on why we should NOT be signing other people's code which we use in our Java 
applications that we serve out of Java Web Start.  I know that signing coding 
from unknown sources is very bad...but I think I need some "proof" or info that 
will help the managers understand the implication of this in term of reliability 
and responsibility.  It is my responsibility to educate my managers so that they 
can make the best possible choice; the rest is then out of my hands.
        
        All help will be greatly appreciated!
        
thanks,
Mona

==================================================================
  Mona Wong-Barnum
  National Center for Microscopy and Imaging Research
  University of California, San Diego
  http://ncmir.ucsd.edu/

  "If you don't have time to do it right, will you have time
  to do it over?"
                             -- unknown
==================================================================

Current thread:

Code signing and Java Web Start Mona Wong-Barnum (Feb 25)
- RE: Code signing and Java Web Start Dave Paris (Feb 26)
- <Possible follow-ups>
- RE: Code signing and Java Web Start Gary McGraw (Feb 26)
  - Re: Code signing and Java Web Start Kenneth R. van Wyk (Feb 26)