RFR: 8273401: Remove JarIndex support in URLClassPath [v2]

wxiang github.com+53162078+shiyuexw at openjdk.java.net
Wed Sep 8 06:22:40 UTC 2021


On Tue, 7 Sep 2021 17:39:20 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> src/java.base/share/classes/java/util/jar/JarVerifier.java line 147:
>> 
>>> 145: 
>>> 146:                 if (uname.equals(JarFile.MANIFEST_NAME) ||
>>> 147:                         uname.equals(JarFile.INDEX_NAME)) {
>> 
>> It would be useful if someone from security-libs could comment on this. The interaction between signed JAR and JAR index isn't very clear. The change you have is safe but it might be that we can drop the checking for INDEX.LIST here.
>
> I am thinking this line should not be removed for compatibility with existing JARs that have indexes.

still keep the code

-------------

PR: https://git.openjdk.java.net/jdk/pull/5383



More information about the security-dev mailing list