RFR 8242260: Remove customizable ContentSigner from jarsigner
Wang Weijun
weijun.wang at oracle.com
Thu Apr 9 07:13:09 UTC 2020
Oh, I'll then need to add new fields to it to support RSASSA-PSS and EdDSA. Sigh.
--Max
> 在 2020年4月9日,01:58,Sean Mullan <sean.mullan at oracle.com> 写道:
>
> We never actually deprecated the com.sun.jarsigner package with a forRemoval=true flag, so while it may be very low-risk to remove these APIs, I feel that we should not remove it w/o prior notice.
>
> I would suggest adding the forRemoval=true for this package/APIs instead, and plan on removing it in JDK 16 or 17.
>
> I'm ok with removing the jarsigner options because the man page already warned that they may be removed.
>
> --Sean
>
>
>> On 4/7/20 4:04 AM, Weijun Wang wrote:
>> I am thinking about removing the `jarsigner -altsigner -altsignerpath` options and underlying classes:
>> JBS : https://bugs.openjdk.java.net/browse/JDK-8242260
>> Please review everything at:
>> Release note : https://bugs.openjdk.java.net/browse/JDK-8242261
>> CSR : https://bugs.openjdk.java.net/browse/JDK-8242262
>> webrev : http://cr.openjdk.java.net/~weijun/8242260/webrev.00/
>> The CSR "Problem" section has more info on why it's better to remove it now.
>> Thanks,
>> Max
More information about the security-dev
mailing list