RFR 8242260: Remove customizable ContentSigner from jarsigner

Sean Mullan sean.mullan at oracle.com
Wed Apr 15 18:40:30 UTC 2020 

On 4/14/20 3:27 AM, Weijun Wang wrote:
> After some discussion, we decide to keep the classes in JDK 15 but add a `forRemoval=true` argument. Related jarsigner help screen and warning message are also updated.
> 
> Please review everything updated at:
> 
>    Release note : https://bugs.openjdk.java.net/browse/JDK-8242261

Reviewed. I think it is probably better to flag this with an 
RN-Deprecated label since this is about marking it for removal and will 
show up in a section of the release notes about deprecation. You could 
check with others on this though.

>             CSR : https://bugs.openjdk.java.net/browse/JDK-8242262
>          webrev : http://cr.openjdk.java.net/~weijun/8242260/webrev.01/ (a new URL!)

- add 2020 date to copyright in package-info.java

- Resources.java:

  94 
{".altsigner.class.class.name.of.an.alternative.signing.mechanism",
   95                 "[-altsigner <class>]        class name of an 
alternative signing mechanism\n" +
   96                 "                            (This option has been 
deprecated and will be removed in a future release.)"},
   97 
{".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
   98                 "[-altsignerpath <pathlist>] location of an 
alternative signing mechanism\n" +
   99                 "                            (This option has been 
deprecated and will be removed in a future release.)"},

I would change "has been deprecated" to "is deprecated" which is 
consistent with the "This.option.is.forremoval" message and seems a bit 
clearer.

--Sean

> 
> Thanks,
> Max
> 
>> On Apr 7, 2020, at 4:04 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>
>> I am thinking about removing the `jarsigner -altsigner -altsignerpath` options and underlying classes:
>>
>>             JBS : https://bugs.openjdk.java.net/browse/JDK-8242260
>>
>> Please review everything at:
>>
>>    Release note : https://bugs.openjdk.java.net/browse/JDK-8242261
>>             CSR : https://bugs.openjdk.java.net/browse/JDK-8242262
>>          webrev : http://cr.openjdk.java.net/~weijun/8242260/webrev.00/
>>
>> The CSR "Problem" section has more info on why it's better to remove it now.
>>
>> Thanks,
>> Max
>>
>

More information about the security-dev mailing list