ETA for 2.7.2 or 2.8?

pjohnsen · May 03, 2011, 15:34:08

Just wandering if anyone has a rough ETA for next version?

I'm waiting for a properly signed build with a couple of bug fixes.

Especially the al_version bug (http://lwjgl.org/forum/index.php/topic,3895.0.html) is rather annoying.

I know I could probably do a build on my own (or take one of the nightlies), but my project doesn't currently have the budget for the signing cert

Matzon · May 03, 2011, 21:21:21

there is no eta.
kappaOne is working on some applet loader stuff, and I guess we should wait for that. Could be nice to get a release out this weekend, and then Spasi can trash the repo afterwards

pjohnsen · May 04, 2011, 12:22:51

Let me know if I can do anything to help

Trashing the repo .. that sounds rather bad

pjohnsen · June 07, 2011, 06:41:16

Bump

My main problem is that the mentioned al_version bug causes my applet to download all the lwjgl jars on every page load. I'm running on Google App Engine, which unfortunately doesn't set the last-modified header for static files (it uses etag instead), so the default applet loader caching doesn't work, and as al_version is broken in 2.7.1, I have no way to cache

So a new properly signed release would make my day

Let me know if there is anything I can do to help

jediTofu · June 08, 2011, 03:42:25

don't the nightly builds have this fixed?

pjohnsen · June 08, 2011, 05:26:25

Yes this is fixed in nighties, but as far as I can see they are self signed, i.e. not using the real LWJGL cert.

This causes some rather nasty security warnings when users tries to run the applet, along the lines of: we cannot verify the originator of this code, proceed with caution.

Unfortunately my project doesn't currently have the budget for it's own cert, which would of course also be a solution.

jediTofu · June 08, 2011, 07:51:54

I wonder how difficult it would be to also make the nightly builds automatically signed with the official cert? Or maybe it's against the cert or something.

pjohnsen · June 08, 2011, 08:00:08

That would actually be the best solution

I guess the issue is to make the cert available to the build server in a secure way. From my experience with jar signing, I don't think the cert itself would have any issues with this, but of course it has to be done in a way so no one else can get hold of the cert, and abuse it for signing all sorts of malicious stuff.

pjohnsen · June 19, 2011, 07:53:29

I tried going back to 2.6, but that is signed with the old Oddlabs cert, which has now expired

I'm a bit surprised if I'm the only one having this issue.

Again, let me know if there is anything I can do to help.

pjohnsen · July 08, 2011, 15:41:35

I've ended up getting my own signing cert. I found a reasonable price for Comodo certs here: https://secure.ksoftware.net/code_signing.html, if anyone else run into this issue

I'll post an update when I manage to get through the verification process and actually receive the cert, and see if I can get it working.

princec · July 08, 2011, 17:01:52

Didn't Comodo just get totally hacked?

Cas

pjohnsen · July 08, 2011, 19:14:52

Hehe .. maybe that's why the price is so cheap

Anyway I managed to get through verification and received the cert already, which was faster than expected.

I've imported it to a java keystore, so far so good. I'll get back with an update, when I've tried actually signing something with it.

pjohnsen · July 11, 2011, 09:55:29

FWIW, after some ant hacking I got everything working with pack, lzma, etc.

Haven't had any issues with the cert, and now caching is working for me again

News:

ETA for 2.7.2 or 2.8?