RFR 8242260: Remove customizable ContentSigner from jarsigner

Sean Mullan sean.mullan at oracle.com
Thu Apr 9 13:27:28 UTC 2020


On 4/9/20 3:13 AM, Wang Weijun wrote:
> Oh, I'll then need to add new fields to it to support RSASSA-PSS and EdDSA. Sigh.

Why would you need to do that if they are deprecated?

--Sean

> 
> --Max
> 
>> 在 2020年4月9日,01:58,Sean Mullan <sean.mullan at oracle.com> 写道:
>>
>> We never actually deprecated the com.sun.jarsigner package with a forRemoval=true flag, so while it may be very low-risk to remove these APIs, I feel that we should not remove it w/o prior notice.
>>
>> I would suggest adding the forRemoval=true for this package/APIs instead, and plan on removing it in JDK 16 or 17.
>>
>> I'm ok with removing the jarsigner options because the man page already warned that they may be removed.
>>
>> --Sean
>>
>>
>>> On 4/7/20 4:04 AM, Weijun Wang wrote:
>>> I am thinking about removing the `jarsigner -altsigner -altsignerpath` options and underlying classes:
>>>              JBS : https://bugs.openjdk.java.net/browse/JDK-8242260
>>> Please review everything at:
>>>     Release note : https://bugs.openjdk.java.net/browse/JDK-8242261
>>>              CSR : https://bugs.openjdk.java.net/browse/JDK-8242262
>>>           webrev : http://cr.openjdk.java.net/~weijun/8242260/webrev.00/
>>> The CSR "Problem" section has more info on why it's better to remove it now.
>>> Thanks,
>>> Max
> 


More information about the security-dev mailing list