Signing jars for application deployment through Web Start

[Animesh]

Hi

My application uses JFreeChart, and I intend to deploy my application using Java Web Start. For an application to have unrestricted access to client file system, Java Web Start requires the application jars to be signed. Is it legal for me to sign JFree chart for distribution and deployment with my application?

Thanks

Animesh

[David Gilbert]

I'm not sure I can give you a definitive answer, since I'm not all that familiar with the mechanics of Java Web Start or signed jar files.

One of the key principles of the GNU Lesser General Public Licence is that end-users should have the opportunity to use the JFreeChart source code if they want to. Meaning that they should be able to modify the version of JFreeChart that is included in the software they are using, recompile it, and continue working with the existing software but using the recompiled version of JFreeChart.

Would signing the jar file prevent this?

Regards,

Dave Gilbert

[ewon]

My application uses jfreechart, it works well. But when deploying it using java web start(the jars signed) , I find the application exits abnormally without any error information!
What's wrong? Help me!

Thanks

Ewon

[Taqua]

Hi David,

signing the code does not hide any information from the user, and they are always able to use the source code as they want.

But they are not able to claim, that Animesh has created the (now modified) jar. If they want to use their jar, they will have to sign it with their own keys (and then take resposibility for any harm that may happen when using the newly signed jars).

I think, if signing code would be illegal in the terms of the GPL, wouldn't the guys at www.kernel.org act illegal?
http://www.kernel.org/signature.html

Have more fun,
said Thomas