Wrong statement suspected in jar.html

Philipp Kunz philipp.kunz at paratix.ch
Mon Dec 24 22:42:47 UTC 2018


Hi,

https://docs.oracle.com/javase/10/docs/specs/jar/jar.html#signature-validation says:
When the jar tool is used to add files, the manifest file is changed
(sections are added to it for the new files), but the signature file is
not.

It appears to me that using the jar tool to add files to a jar file
does not change the jar manifest. The jar manifest is changed by the
jarsigner tool when signing the jar.

I haven't found the sources of that referenced jar.html and therefore
I'm not sure whether my concern still currently applies or has been
fixed since JDK 10.

I'm also not sure where and how to report this issue. I'd be glad if
someone could point me to the right place or forward this message
accordingly.

A suggested alternative for the sentence in question might be to delete
it without replacement. In my opinion, the remaining text would look
fine like this:
One reason the digest value of the manifest file that is stored in the
x-Digest-Manifest attribute may not equal the digest value of the
current manifest file is that one or more files were added to the JAR
file (using the jar tool) after the signature (and thus the signature
file) was generated. A verification is still considered successful if
none of the files that were in the JAR file when the signature was
generated have been changed since then, which is the case if the digest
values in the non-header sections of the signature file equal the
digest values of the corresponding sections in the manifest file.

When at it already, let me mention that I'm not entirely sure if the
term "non-header sections" fits the context optimally. What about
"individual sections" or "source file information sections" instead?

Philipp
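
The fallback check described in the quoted specification paragraph, as an added Python example that is not part of the original message or of the JDK: compare the whole-manifest digest first, then fall back to the per-section digests. It models only the signature-file-versus-manifest step, whichever tool writes the extra section. The manifest bytes, entry names and the dict standing in for the signature file are constructed, and it assumes SHA-256, CRLF line endings and no continuation lines.

```python
import base64
import hashlib

CRLF = b"\r\n"

def digest(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")

def section(name: str, content: bytes) -> bytes:
    # One individual manifest section, including its terminating blank line.
    return f"Name: {name}\r\nSHA-256-Digest: {digest(content)}\r\n\r\n".encode()

def individual_sections(manifest: bytes) -> dict:
    # Assumption: CRLF line endings and no 72-byte continuation lines.
    blocks = [b for b in manifest.split(CRLF + CRLF) if b]
    out = {}
    for block in blocks[1:]:  # blocks[0] is the main (header) section
        name = block.split(CRLF, 1)[0][len(b"Name: "):].decode("utf-8")
        out[name] = block + CRLF + CRLF
    return out

def make_sf(manifest: bytes) -> dict:
    # Model of a signature file: whole-manifest digest plus per-section digests.
    return {"manifest": digest(manifest),
            "sections": {n: digest(s) for n, s in individual_sections(manifest).items()}}

def verify_sf(sf: dict, manifest: bytes):
    # Fast path: the manifest is byte-for-byte what was signed.
    if sf["manifest"] == digest(manifest):
        return True, "manifest digest matches"
    # Fallback: every section recorded at signing time must still match.
    current = individual_sections(manifest)
    for name, expected in sf["sections"].items():
        if name not in current or digest(current[name]) != expected:
            return False, "section changed or missing: " + name
    return True, "manifest changed, signed sections intact"

# Constructed sample data.
MAIN = b"Manifest-Version: 1.0\r\n\r\n"
SIGNED = MAIN + section("A.class", b"aaa") + section("B.class", b"bbb")
SF = make_sf(SIGNED)
ADDED = SIGNED + section("C.class", b"ccc")  # section appended after signing
TAMPERED = MAIN + section("A.class", b"aaa") + section("B.class", b"changed")

if __name__ == "__main__":
    for label, m in [("signed", SIGNED), ("added", ADDED), ("tampered", TAMPERED)]:
        print(label, verify_sf(SF, m))
```

The appended `C.class` section passes this check without being covered by the signature file, so a verifier still has to treat entries that have no signed section as unsigned.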


More information about the core-libs-dev mailing list