RFR: 8365559: jarsigner shows files non-existent if signed with a weak algorithm

Mark Powers mpowers at openjdk.org
Thu Aug 14 16:12:11 UTC 2025


On Thu, 14 Aug 2025 15:17:09 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> See the bug report for details. Basically, entries in the SF set should always be removed no matter if it's treated signed or not.

test/jdk/sun/security/tools/jarsigner/RemovedFiles.java line 44:

> 42:             = "This jar contains signed entries for files that do not exist. See the -verbose output for more details.";
> 43:     private static final String WEAK_UNSIGNED
> 44:             = "The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled";

Need period at end of sentence.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26781#discussion_r2277072050


More information about the security-dev mailing list