RFR 8242260: Remove customizable ContentSigner from jarsigner
Sean Mullan
sean.mullan at oracle.com
Wed Apr 8 17:58:37 UTC 2020
We never actually deprecated the com.sun.jarsigner package with a
forRemoval=true flag, so while it may be very low-risk to remove these
APIs, I feel that we should not remove it w/o prior notice.
I would suggest adding the forRemoval=true for this package/APIs
instead, and plan on removing it in JDK 16 or 17.
I'm ok with removing the jarsigner options because the man page already
warned that they may be removed.
--Sean
On 4/7/20 4:04 AM, Weijun Wang wrote:
> I am thinking about removing the `jarsigner -altsigner -altsignerpath` options and underlying classes:
>
> JBS : https://bugs.openjdk.java.net/browse/JDK-8242260
>
> Please review everything at:
>
> Release note : https://bugs.openjdk.java.net/browse/JDK-8242261
> CSR : https://bugs.openjdk.java.net/browse/JDK-8242262
> webrev : http://cr.openjdk.java.net/~weijun/8242260/webrev.00/
>
> The CSR "Problem" section has more info on why it's better to remove it now.
>
> Thanks,
> Max
>
More information about the security-dev
mailing list