ETA for 2.7.2 or 2.8?

Started by pjohnsen, May 03, 2011, 15:34:08

Previous topic - Next topic

pjohnsen

Just wandering if anyone has a rough ETA for next version?

I'm waiting for a properly signed build with a couple of bug fixes.

Especially the al_version bug (http://lwjgl.org/forum/index.php/topic,3895.0.html) is rather annoying.

I know I could probably do a build on my own (or take one of the nightlies), but my project doesn't currently have the budget for the signing cert :(

Matzon

there is no eta.
kappaOne is working on some applet loader stuff, and I guess we should wait for that. Could be nice to get a release out this weekend, and then Spasi can trash the repo afterwards :)

pjohnsen

Let me know if I can do anything to help :)

Trashing the repo .. that sounds rather bad  ;D

pjohnsen

Bump :)

My main problem is that the mentioned al_version bug causes my applet to download all the lwjgl jars on every page load. I'm running on Google App Engine, which unfortunately doesn't set the last-modified header for static files (it uses etag instead), so the default applet loader caching doesn't work, and as al_version is broken in 2.7.1, I have no way to cache :(

So a new properly signed release would make my day :)

Let me know if there is anything I can do to help

jediTofu

don't the nightly builds have this fixed?
cool story, bro

pjohnsen

Yes this is fixed in nighties, but as far as I can see they are self signed, i.e. not using the real LWJGL cert.

This causes some rather nasty security warnings when users tries to run the applet, along the lines of: we cannot verify the originator of this code, proceed with caution.

Unfortunately my project doesn't currently have the budget for it's own cert, which would of course also be a solution.

jediTofu

I wonder how difficult it would be to also make the nightly builds automatically signed with the official cert?  Or maybe it's against the cert or something.
cool story, bro

pjohnsen

That would actually be the best solution  :)

I guess the issue is to make the cert available to the build server in a secure way. From my experience with jar signing, I don't think the cert itself would have any issues with this, but of course it has to be done in a way so no one else can get hold of the cert, and abuse it for signing all sorts of malicious stuff.

pjohnsen

I tried going back to 2.6, but that is signed with the old Oddlabs cert, which has now expired :(

I'm a bit surprised if I'm the only one having this issue.

Again, let me know if there is anything I can do to help.


pjohnsen

I've ended up getting my own signing cert. I found a reasonable price for Comodo certs here: https://secure.ksoftware.net/code_signing.html, if anyone else run into this issue :)

I'll post an update when I manage to get through the verification process and actually receive the cert, and see if I can get it working.

princec

Didn't Comodo just get totally hacked?

Cas :)

pjohnsen

Hehe .. maybe that's why the price is so cheap  ;D

Anyway I managed to get through verification and received the cert already, which was faster than expected.

I've imported it to a java keystore, so far so good. I'll get back with an update, when I've tried actually signing something with it.

pjohnsen

FWIW, after some ant hacking I got everything working with pack, lzma, etc.

Haven't had any issues with the cert, and now caching is working for me again :)