RFR 8242260: Remove customizable ContentSigner from jarsigner

Weijun Wang weijun.wang at oracle.com
Thu Apr 16 05:46:08 UTC 2020 

Thanks. All suggestions accepted.

--Max

> On Apr 16, 2020, at 2:40 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> On 4/14/20 3:27 AM, Weijun Wang wrote:
>> After some discussion, we decide to keep the classes in JDK 15 but add a `forRemoval=true` argument. Related jarsigner help screen and warning message are also updated.
>> Please review everything updated at:
>>   Release note : https://bugs.openjdk.java.net/browse/JDK-8242261
> 
> Reviewed. I think it is probably better to flag this with an RN-Deprecated label since this is about marking it for removal and will show up in a section of the release notes about deprecation. You could check with others on this though.
> 
>>            CSR : https://bugs.openjdk.java.net/browse/JDK-8242262
>>         webrev : http://cr.openjdk.java.net/~weijun/8242260/webrev.01/ (a new URL!)
> 
> - add 2020 date to copyright in package-info.java
> 
> - Resources.java:
> 
> 94 {".altsigner.class.class.name.of.an.alternative.signing.mechanism",
>  95                 "[-altsigner <class>]        class name of an alternative signing mechanism\n" +
>  96                 "                            (This option has been deprecated and will be removed in a future release.)"},
>  97 {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
>  98                 "[-altsignerpath <pathlist>] location of an alternative signing mechanism\n" +
>  99                 "                            (This option has been deprecated and will be removed in a future release.)"},
> 
> I would change "has been deprecated" to "is deprecated" which is consistent with the "This.option.is.forremoval" message and seems a bit clearer.
> 
> --Sean
> 
>> Thanks,
>> Max
>>> On Apr 7, 2020, at 4:04 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>> 
>>> I am thinking about removing the `jarsigner -altsigner -altsignerpath` options and underlying classes:
>>> 
>>>            JBS : https://bugs.openjdk.java.net/browse/JDK-8242260
>>> 
>>> Please review everything at:
>>> 
>>>   Release note : https://bugs.openjdk.java.net/browse/JDK-8242261
>>>            CSR : https://bugs.openjdk.java.net/browse/JDK-8242262
>>>         webrev : http://cr.openjdk.java.net/~weijun/8242260/webrev.00/
>>> 
>>> The CSR "Problem" section has more info on why it's better to remove it now.
>>> 
>>> Thanks,
>>> Max
>>>

More information about the security-dev mailing list