RFR: 8215788: Clarify JarInputStream Manifest access [v6]
Lance Andersen
lancea at openjdk.org
Tue Sep 20 11:03:38 UTC 2022
On Mon, 19 Sep 2022 20:30:48 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> Does this mean that the "Verifying a JarInputStream" should also avoid mentioning "getManifest method returns the manifest"? I understand precisely it should be "getManifest method is able to return the manifest if you call it".
See Alan's comment below. I will be copying the wording regarding the Manifest being the 1st/2nd entry
>
> It almost sounds like we should first define the concepts of "well-formed JAR file" and "well-formed signed JAR" and then specify what these methods behave.
The Manifest location requirement is unique to JarInputStream so really want to try to keep these updates to a minimum if at all possible so that we are not copying parts of the Jar spec into the javadoc.
-------------
PR: https://git.openjdk.org/jdk/pull/10045
More information about the security-dev
mailing list