[9] request for review 8047353: Improve error message when a JAR with invalid signatures is loaded

Aaron Digulla digulla at hepe.com
Fri Jun 20 10:00:01 UTC 2014


Am Donnerstag, 19. Juni 2014 23:49 CEST, Joe Darcy <joe.darcy at oracle.com> schrieb: 
 
> I'd prefer to see the CheckJarSigError.sh as a Java program.

There original bug report contains a full self-contained test case in Java. Why was that split into several files?

I'm also a bit uneasy about the "just show the file name". I have thousands of JARs with the same name on my harddisk (several Maven repos, target folders, you name it). If you strip the path from the error message, then I have to somehow figure out the classpath which was used.

That might work when I run Java from the command line but when I use complex frameworks like OSGi or Maven which do all kinds of magic to determine which JARs they might want to load, then this doesn't help much.


At least add a command line option / system property which allows to see the full path.

Regards,
 
-- 
Aaron "Optimizer" Digulla a.k.a. Philmann Dark
"It's not the universe that's limited, it's our imagination.
Follow me and I'll show you something beyond the limits." 
http://blog.pdark.de/ 



More information about the security-dev mailing list