RFR 8242260: Remove customizable ContentSigner from jarsigner
Weijun Wang
weijun.wang at oracle.com
Thu Apr 9 14:52:48 UTC 2020
All info for signing are passed into a ContentSigner through a ContentSignerParameters object. In order to pass more info, I’ll need to create new interface methods for it.
—Max
> 在 2020年4月9日,21:27,Sean Mullan <sean.mullan at oracle.com> 写道:
>
> On 4/9/20 3:13 AM, Wang Weijun wrote:
>> Oh, I'll then need to add new fields to it to support RSASSA-PSS and EdDSA. Sigh.
>
> Why would you need to do that if they are deprecated?
>
> --Sean
>
>> --Max
>>>> 在 2020年4月9日,01:58,Sean Mullan <sean.mullan at oracle.com> 写道:
>>>
>>> We never actually deprecated the com.sun.jarsigner package with a forRemoval=true flag, so while it may be very low-risk to remove these APIs, I feel that we should not remove it w/o prior notice.
>>>
>>> I would suggest adding the forRemoval=true for this package/APIs instead, and plan on removing it in JDK 16 or 17.
>>>
>>> I'm ok with removing the jarsigner options because the man page already warned that they may be removed.
>>>
>>> --Sean
>>>
>>>
>>>> On 4/7/20 4:04 AM, Weijun Wang wrote:
>>>> I am thinking about removing the `jarsigner -altsigner -altsignerpath` options and underlying classes:
>>>> JBS : https://bugs.openjdk.java.net/browse/JDK-8242260
>>>> Please review everything at:
>>>> Release note : https://bugs.openjdk.java.net/browse/JDK-8242261
>>>> CSR : https://bugs.openjdk.java.net/browse/JDK-8242262
>>>> webrev : http://cr.openjdk.java.net/~weijun/8242260/webrev.00/
>>>> The CSR "Problem" section has more info on why it's better to remove it now.
>>>> Thanks,
>>>> Max
More information about the security-dev
mailing list