Build all and test JogAmp Modules w/ Java7 targeting Java6 bytecode for security reasons.
- Read http://www.kb.cert.org/vuls/id/225657
- No more Java6 security updates
- No more java6 toolchain available (but Red Hat's openjdk6 ..)
- Building w/ Java7 will produce Java6 bytecode using
source and target levels 1.6, as well as using a java6 rt.jar.
Apply JAR Manifest tags: Sealed, Permissions and Codebase
Note: The Manifest file is included in the signed JAR file .. and signed.
- Read http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/no_redeploy.html
- Using 'Sealed' on jogamp.* classes impl. / directly accessing the JNI code - so there will be no 'derivation'
- 'Codebase: *.jogamp.org' will prevent copying the signed jar files and survive a vulnerability deletion,
i.e. if we delete our copy from the server .. it's of no use anymore.
Users would need to sign the jars to be used on their servers.
Yes, this is more like snake oil .. not real security.
Better: A policy how to mark / determine a valid location of signed content
allowing us to control its lifecycle.
Sealed also allows us to forbid non-intentional use, i.e. derivation / override.
.. in process.
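
A release check for the points above, as an added example that is not part of the original report or of the JogAmp build: it reads a built JAR and reports classes that are not Java6 bytecode (class-file major version 50), a missing or invalid Permissions attribute, a Codebase that differs from the expected value, and unsealed packages. The function names and the `jogamp/` package prefix are assumptions made for this example.

```python
import io
import struct
import zipfile

JAVA6_MAJOR = 50  # class-file major version produced by target level 1.6


def parse_manifest(text):
    """Return manifest sections as dicts; the first one is the main section."""
    # Lines over 72 bytes are wrapped: a continuation line starts with one space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    sections = []
    for block in text.split("\n\n"):
        attrs = {}
        for line in block.split("\n"):
            if ": " in line:
                key, value = line.split(": ", 1)
                attrs[key.lower()] = value.strip()  # names are case-insensitive
        if attrs:
            sections.append(attrs)
    return sections


def audit_jar(jar_bytes, codebase, sealed_prefix="jogamp/"):
    """Return findings for one JAR; an empty list means it matches the policy."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        raw = jar.read("META-INF/MANIFEST.MF") if "META-INF/MANIFEST.MF" in names else b""
        sections = parse_manifest(raw.decode("utf-8"))
        main = sections[0] if sections else {}
        if main.get("permissions") not in ("sandbox", "all-permissions"):
            findings.append("Permissions missing or invalid")
        if main.get("codebase") != codebase:
            findings.append("Codebase is %r" % main.get("codebase"))
        # A per-package 'Sealed' entry overrides the JAR-wide value.
        default = main.get("sealed", "false").lower()
        per_pkg = {s["name"]: s["sealed"].lower()
                   for s in sections[1:] if "name" in s and "sealed" in s}
        for name in names:
            if not name.endswith(".class"):
                continue
            header = jar.read(name)[:8].ljust(8, b"\x00")
            magic, _minor, major = struct.unpack(">IHH", header)
            if magic != 0xCAFEBABE or major != JAVA6_MAJOR:
                findings.append("%s: class-file major version %d" % (name, major))
            package = name[: name.rfind("/") + 1]
            if package.startswith(sealed_prefix) and per_pkg.get(package, default) != "true":
                findings.append("%s: package not sealed" % name)
    return findings
```

Run it over each JAR before signing; since the manifest is covered by the signature, the attributes it reports are the ones that end up signed.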