RFR: 8215788: Clarify JarInputStream Manifest access [v7]

Alan Bateman alanb at openjdk.org
Tue Sep 20 17:39:53 UTC 2022 

On Tue, 20 Sep 2022 10:49:59 GMT, Lance Andersen <lancea at openjdk.org> wrote:

>>> OK, will make another pass at this today
>> 
>> I looked at the latest draft (2bafc00c). I think it would help if the section "Verifying a JarInputStream" were renamed to "Signed JAR files".  The link to getManifest makes the reader wonder if they have to call this method whereas I think what you want to say that the manifest must be at the start of the stream (as per the first section) and then followed by signature entries.
>
>> > OK, will make another pass at this today
>> 
>> I looked at the latest draft ([2bafc00](https://github.com/openjdk/jdk/commit/2bafc00cc462b7af3f724371ac1bef5fd99c989c)). I think it would help if the section "Verifying a JarInputStream" were renamed to "Signed JAR files".
> 
> OK, I will change as you suggest
> 
>  The link to getManifest makes the reader wonder if they have to call this method whereas I think what you want to say that the manifest must be at the start of the stream (as per the first section) and then followed by signature entries.
> 
> The reason I used the getManifest wording is I felt it was easier and less redundant than copying the wording about the Manifest needing to be either the first or second entry (assuming META-INF/ is the first in the stream).  However if you prefer that, I will make that change.

Thanks for the updates in 69138715.  Just one comment on the updated text, and specifically this sentence:

+ *  A {@code JarInputStream} may be used to verify the signatures of a
+ *  <a href="{@docRoot}/../specs/jar/jar.html#signed-jar-file">signed JAR file</a>
+ *  assuming the following requirements are met:

The signatures are verified by default so I think you can reduce this down to:
 
A {@code JarInputStream}  verifies the signatures of entries in a <a href="{@docRoot}/../specs/jar/jar.html#signed-jar-file">Signed JAR file</a>  when:

We could say that a program could opt-out of verification by using the 2-arg constructor but that is probably too much to try to fit in here.

-------------

PR: https://git.openjdk.org/jdk/pull/10045

More information about the core-libs-dev mailing list