Code signing [Was: JEP draft: Prepare to Restrict The Use of JNI]
Attila Kelemen
attila.kelemen85 at gmail.com
Thu Sep 7 13:29:36 UTC 2023
>
>
> What exactly do you mean by "the manifest entry"? Which manifest? In the
> library? Does the application need a transitive list of its dependencies?
> How does this scale? Who gets to decide?
>
I meant entries in "META-INF/MANIFEST.MF". That is not too much different
than signing the jar. The only thing about the signature is that you can
trust that it was not maliciously modified (but I don't think it is
relevant here). However, you can put more detailed "description" in the
manifest. I'm not sure what you mean by "scaling"-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/jdk-dev/attachments/20230907/03dc7a64/attachment.htm>
More information about the jdk-dev
mailing list