RFR 8242260: Remove customizable ContentSigner from jarsigner

Weijun Wang weijun.wang at oracle.com
Sat Apr 11 15:04:45 UTC 2020


Today if you call "jarsigner -altsigner", it works but shows a warning:

   This option is deprecated: -altsigner

I think we have several solutions now:

1. Remove the options. The deprecated classes become useless.

2. Keep the options and update the deprecated classes to work with new signature algorithms. The update will likely be 2 new methods and deprecating one existing.

Anyway, we will add a forRemoval=true to the classes.

Of course, if we can remove all of them, that will be very clean. I'll write a mail asking Joe and Stuart tomorrow. It's 11pm here.

--Max

> On Apr 11, 2020, at 10:56 PM, Alan Bateman <Alan.Bateman at oracle.com> wrote:
> 
> On 11/04/2020 15:41, Weijun Wang wrote:
>> The options were already deprecated long ago:
>> 
>> $ $J14/bin/jarsigner
>> Usage: jarsigner [options] jar-file alias
>>        jarsigner -verify [options] jar-file [alias...]
>> ...
>> 
>> [-altsigner <class>]        class name of an alternative signing mechanism
>>                             (This option has been deprecated.)
>> 
>> [-altsignerpath <pathlist>] location of an alternative signing mechanism
>>                             (This option has been deprecated.)
>> ...
>> 
>> and they are listed in a "Deprecated Options" section in the tooldoc with "might be removed in a future JDK release".
>> 
>> The only problem is I forgot to add a forRemoval=true argument to the @Deprecated annotation of the classes.
>> 
> I think the next step is to terminally deprecate the API, this means adding forRemoval=true to create awareness at compile-time.  You can then remove in some future release. You can use the opportunity to add a warning to the jarsigner tool so that someone using these options gets a warning and knows it will be removed in the future (they might not see the deprecation notice in the usage/help output).
> 
> -Alan



