I've been thinking about the best way for developers of open source apps to get their j2me applications signed, without them needing to pay lots of money for a verisgn developer certificate, and without allowing commercial application providers to get their apps signed on the sly. I think I've found a possible route:
* An automated j2me application signing website is set up for open source projects
* You go to it, and pick your open source licence
* You upload your source code, and confirm it is under the chosen licence
* The site publishes your code to all, and tags it with the licence
* You upload a build template (could be an ant build file, could be some xml), which specifies the permissions required, midlet definitions etc
* The site builds your code based on the template
* The site signs your code, and attaches a notice at install time which says "This application is distributed under an open source licence, X. You may download the code for it from http://<signing site>/"
* You can download the signed code, and distribute it from your site
With this scheme, open source developers can get their apps signed easily and for free. Commercial companies won't be tempted to abuse it, because if they did, their source code would be available to all under an open source licence, which they wouldn't want.
It doesn't address the need for a java equivalent of the symbian signed devcert, so we can develop our open source apps on our own phones, but at least we could then get the distribution versions signed for free.
Can anyone see any flaws in the plan, other than the need to convince Nokia to implement it?