RFR: 8309841: Jarsigner should print a warning if an entry is removed [v5]
Sean Mullan
mullan at openjdk.org
Fri Sep 27 14:20:38 UTC 2024
On Fri, 27 Sep 2024 14:01:18 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java line 182:
>>
>>> 180: {"key.bit.eccurve.disabled", "%1$d-bit %2$s key (disabled)"},
>>> 181: {"unknown.size", "unknown size"},
>>> 182: {"nonexistent.entries.found", "Nonexistent signed entries detected. See details in -verbose output."},
>>
>> For the second sentence, in other warning messages, we say "Re-run jarsigner with the -verbose option for more details." Perhaps we should be consistent?
>
> Actually, I see the output will also contain the message "Re-run with the -verbose and -certs options for more details." so I take back my comment above.
For this summary message, I suggest we be a bit more descriptive like in other messages:
"This jar contains signed entries for files that do not exist. See the -verbose output for more details."
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19599#discussion_r1778703414
More information about the security-dev
mailing list