RFR: 8273401: Remove JarIndex support in URLClassPath [v2]
wxiang
github.com+53162078+shiyuexw at openjdk.java.net
Wed Sep 8 06:22:40 UTC 2021
On Tue, 7 Sep 2021 17:39:20 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> src/java.base/share/classes/java/util/jar/JarVerifier.java line 147:
>>
>>> 145:
>>> 146: if (uname.equals(JarFile.MANIFEST_NAME) ||
>>> 147: uname.equals(JarFile.INDEX_NAME)) {
>>
>> It would be useful if someone from security-libs could comment on this. The interaction between signed JAR and JAR index isn't very clear. The change you have is safe but it might be that we can drop the checking for INDEX.LIST here.
>
> I am thinking this line should not be removed for compatibility with existing JARs that have indexes.
still keep the code
-------------
PR: https://git.openjdk.java.net/jdk/pull/5383
More information about the security-dev
mailing list