Outdated certificates in JWS JOGL libraries

The certificates have expired at the official jogl Java Web Start libraries at : http://download.java.net/media/jogl/builds/archive/jsr-231-1.1.1/webstart/jogl.jnlp, and now my users are complaining about the nasty looking warning messages. Could somebody at SUN care to upgrade the jars?

Rune

Same as the applet launcher, Sun is being sloppy with renewing the certificates.

Please send an email to Kenneth Russell to ask for updating the certificate.

I have mailed him, even before I posted a message here. Nothing happened yet…

R

I will add my own to what I imagine is a flood of emails.

This is very, very bad. My work is currently being reviewed by a publisher and a professional society. The reviewers are not going to be impressed with error warning dialogs. I’ve put too much work into this project to see it torpedoed because Sun is too stingy/disorganized to re-up on their code signing certificates.

Frankly, this is just the sort of thing that I was afraid of when I decided to use Sun/Java/JOGL technology. This is incredibly irresponsible.

i was having the same issue, but i’ve since move to LWJGL as JOGL seems dead.

LWJGL is much more regularly updated, faster, has more features and not dependant on Sun who have a pretty lousy track record on fixing stuff.

It also seems to have a large community behind it so less likely to die like JOGL.

As I already said, JOGL is not dead.

I sent an email to Mr Russell and to Mr Goethel a few minutes ago, I assume the certificates will be updated in a few days. Sorry for the disturbance.

We’re working on getting the new signing certificate. Sorry for the disturbance.

Updates to the GlueGen runtime 1.0b06, JOGL 1.1.1, JOAL 1.1.2 and Java 3D 1.5.2 have been pushed out revising the signing certificate used for these binaries. As an added, though arguably dubious, benefit, if you are running Java SE 6 Update 10 or later you will not even need to accept a security dialog.

Note though that due to bugs in Java Web Start which apparently still haven’t been fixed you may need to clear out your Java Web Start cache. If you see UnsatisfiedLinkErrors against JOGL then try that.

Apologies for how long this took.

Forgot about the JNLPAppletLauncher, which has also been updated.

How is this made posible?
Would that be made possible for LWJGL too ?

Thank you very much. JOGL is not dead! It is very interesting… no security dialog :slight_smile:

Was jogl.dev.java.net updated? As far as I can see no.

Thanks to Ken et al.

:wink:

Now, if I can only get the JavaHelp people to update THEIR distribution’s signature, I’ll be a happy camper.

This is not the subject of this thread. When I read your message, I checked that nothing was wrong with the JOGL link:
http://download.java.net/media/jogl/builds/archive/jsr-231-1.1.1/webstart/jogl.jnlp

Everything is fine, I’m under Java 1.6 update 13, I have even no security popup, it is excellent. Therefore, as I already said, JOGL is not dead :smiley:

OK so it seems there is a certificate Sun can use to push native libraries to the client without a security popup. We’d rather like to get ahold of that certificate for LWJGL. What’s the score?

Cas :slight_smile:

I wonder how they decide who gets to use that special cert. Seems a bit unfair if one GL binding can and another can not… ::slight_smile:

I’m going to predict an exchange something like this:

LWJGL: “Can we use your magic certificate please?”
Sun: “No.”

Perhaps there’ll be some kind of verification process for which libs can be submitted in order to use Sun’s certificate, but it’ll be slow and expensive.

It is interesting that they’ve done this for JOGL though, as it exposes huge globs of native code (that Sun has no control over) directly to malicious applet writers. It’s going to be difficult to explain to an irate user that his pwned machine is the fault of his vulnerable graphics driver and not the invisible applet that accessed it.

Is the behavior of JMonkeyEngine programmers fair? JME 2 pretends to support JOGL but when some bugs are found in the JOGL renderer, it is not considered as important as bugs in the LWJGL renderer. “Charité bien ordonnée commence par soi-même” -> before complaining about Sun’s behavior, some people should teach their own lessons to themselves. Remind me who wrote the JOGL renderer of Ardor3D please.

It would be the same if LWJGL was able to benefit of this certificate and some people would program applets with it. If you really think Sun should not use this kind of certificate because it exposes huge globs of not controlled native code to malicious applet writers and if you are coherent, you won’t wish that LWJGL benefits of it neither.

I agree with your analysis of your hallucination of my position.
:-
Is this just a language barrier, or are you really this angry all the time?