RFR: 8303410: Remove ContentSigner
Lance Andersen
lancea at openjdk.org
Wed Mar 1 11:49:01 UTC 2023
On Wed, 1 Mar 2023 07:52:58 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:
> Suggested CSR:
>
> ### Compatibility Kind:
> source, binary, behavioral
>
> ### Compatibility Risk
> minimal
>
> ### Compatibility Risk Description
> The APIs were deprecated in JDK 9 with no known existing use. The probability that they have been used after that time is low.
>
> ### Summary
> The `ContentSigner` API in `com.sun.jarsigner` and the accompanying `jarsigner` options `-altsigner` and `-altsignerpath` options have been deprecated for removal since JDK 15 and should be removed.
>
> ### Problem
> This extension mechanism was deprecated in JDK 9 since it was deemed too low-level and had no known use. Removing it will reduce maintainence costs for jarsigner.
>
> ### Solution
> Remove the terminally deprecated classes `com.sun.jarsigner.ContentSigner`, `com.sun.jarsigner.ContentSignerParameters`and the associated `package-info.java` file.
>
> Remove the `-altsigner` and `-altsignerpath` options from jarsigner tool. Remove any mention of these options from the jarsigner man page.
>
> ### Specification
> The classes `com.sun.jarsigner.ContentSigner` and `com.sun.jarsigner.ContentSignerParameters` are removed. Any class implementing these interfaces will fail to compile.
>
> `jarsigner --help` no longer list the -altsigner or -altsigner options.
>
> `jarsigner -altsigner` will fail with an 'illegal option' message:
>
> ```
> % jarsigner -altsigner
> Illegal option: -altsigner
> ```
This looks good overall. I would probably make the compatibility risk _low_.
For your spec changes, I might borrow the format I used in [JDK-8193757](https://bugs.openjdk.org/browse/JDK-8193757)
-------------
PR: https://git.openjdk.org/jdk/pull/12791
More information about the security-dev
mailing list