RFR 8242260: Remove customizable ContentSigner from jarsigner

Weijun Wang weijun.wang at oracle.com
Thu Apr 9 14:52:48 UTC 2020


All info for signing are passed into a ContentSigner through a ContentSignerParameters object. In order to pass more info, I’ll need to create new interface methods for it. 

—Max

> 在 2020年4月9日,21:27,Sean Mullan <sean.mullan at oracle.com> 写道:
> 
> On 4/9/20 3:13 AM, Wang Weijun wrote:
>> Oh, I'll then need to add new fields to it to support RSASSA-PSS and EdDSA. Sigh.
> 
> Why would you need to do that if they are deprecated?
> 
> --Sean
> 
>> --Max
>>>> 在 2020年4月9日,01:58,Sean Mullan <sean.mullan at oracle.com> 写道:
>>> 
>>> We never actually deprecated the com.sun.jarsigner package with a forRemoval=true flag, so while it may be very low-risk to remove these APIs, I feel that we should not remove it w/o prior notice.
>>> 
>>> I would suggest adding the forRemoval=true for this package/APIs instead, and plan on removing it in JDK 16 or 17.
>>> 
>>> I'm ok with removing the jarsigner options because the man page already warned that they may be removed.
>>> 
>>> --Sean
>>> 
>>> 
>>>> On 4/7/20 4:04 AM, Weijun Wang wrote:
>>>> I am thinking about removing the `jarsigner -altsigner -altsignerpath` options and underlying classes:
>>>>             JBS : https://bugs.openjdk.java.net/browse/JDK-8242260
>>>> Please review everything at:
>>>>    Release note : https://bugs.openjdk.java.net/browse/JDK-8242261
>>>>             CSR : https://bugs.openjdk.java.net/browse/JDK-8242262
>>>>          webrev : http://cr.openjdk.java.net/~weijun/8242260/webrev.00/
>>>> The CSR "Problem" section has more info on why it's better to remove it now.
>>>> Thanks,
>>>> Max



More information about the security-dev mailing list