Some offhand questions
Alan Bateman
alan.bateman at oracle.com
Sat Aug 24 14:21:28 UTC 2024
On 23/08/2024 23:04, Cesar Soares Lucas wrote:
> Hello!
>
> I've a few questions that I'd like to ask your opinion about.
>
> - Signed Jars: As far as I understand, we currently don't include classes from signed jars in the CDS archive. What is the reason for that? I had the impression that being able to archive such classes would be important given that many .jars are signed?!
>
As a general point, signed JARs on the class path or module path aren't
all that useful. It's very different to a signed JAR loaded from a
remote site where the JDK would need a lot more infrastructure to
validation certificate chains. There has been consideration on and off
for many years about dropping the support for JAR files on the class
path (and module path). The nice thing about dropping this (only from
the class path and module path) is that it would avoid executing a lot
of problematic security code when open JAR files.
-Alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/leyden-dev/attachments/20240824/ce5f0218/attachment.htm>
More information about the leyden-dev
mailing list