RFR: 8303410: Remove ContentSigner

Lance Andersen lancea at openjdk.org
Wed Mar 1 11:49:01 UTC 2023


On Wed, 1 Mar 2023 07:52:58 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

> Suggested CSR:
> 
> ### Compatibility Kind:
> source, binary, behavioral
> 
> ### Compatibility Risk
> minimal
> 
> ### Compatibility Risk Description
> The APIs were deprecated in JDK 9 with no known existing use. The probability that they have been used after that time is low.
> 
> ### Summary
> The `ContentSigner` API in `com.sun.jarsigner` and the accompanying `jarsigner` options `-altsigner` and `-altsignerpath` options have been deprecated for removal since JDK 15 and should be removed.
> 
> ### Problem
> This extension mechanism was deprecated in JDK 9 since it was deemed too low-level and had no known use. Removing it will reduce maintainence costs for jarsigner.
> 
> ### Solution
> Remove the terminally deprecated classes `com.sun.jarsigner.ContentSigner`, `com.sun.jarsigner.ContentSignerParameters`and the associated `package-info.java` file.
> 
> Remove the `-altsigner` and `-altsignerpath` options from jarsigner tool. Remove any mention of these options from the jarsigner man page.
> 
> ### Specification
> The classes `com.sun.jarsigner.ContentSigner` and `com.sun.jarsigner.ContentSignerParameters` are removed. Any class implementing these interfaces will fail to compile.
> 
> `jarsigner --help` no longer list the -altsigner or -altsigner options.
> 
> `jarsigner -altsigner` will fail with an 'illegal option' message:
> 
> ```
> % jarsigner -altsigner
> Illegal option: -altsigner
> ```

This looks good overall.  I would probably make the compatibility risk _low_.  

For your spec changes, I might borrow the format I used in [JDK-8193757](https://bugs.openjdk.org/browse/JDK-8193757)

-------------

PR: https://git.openjdk.org/jdk/pull/12791


More information about the security-dev mailing list