Code signing [Was: JEP draft: Prepare to Restrict The Use of JNI]

Andrew Haley aph-open at littlepinkcloud.com
Wed Sep 6 12:45:13 UTC 2023


On 9/6/23 10:06, Alan Bateman wrote:
> Signing did come up in the previous commotion around taming agents but
> not seriously due to the challenges establishing trust, and all
> complexity and usability issues that go with signing. There were also
> concerns building open source projects that would need to be signed.

While there certainly are challenges, none of these challenges fall on
the Java project itself. And given that the code-signing mechanism
already exists, IMO it's the obvious way to bless a native library.
All my proposal does is give the Java user a way to extend the "I
trust the JDK to call native code safely" to "I trust the JDK, and
these authors (or some libraries I have signed) to do so."

-- 
Andrew Haley  (he/him)
Java Platform Lead Engineer
Red Hat UK Ltd. <https://www.redhat.com>
https://keybase.io/andrewhaley
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671


