RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v7]
Hai-May Chao
hchao at openjdk.org
Thu Mar 27 19:01:13 UTC 2025
On Thu, 27 Mar 2025 01:52:40 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Again, shall we return here? Do you want to skip other comparison when the manifests are not the same?
>
> It was suggested that I validate the Manifest and then fast fail if there is an inconsistency. As Manifest contains metadata about the JAR, if it itself is inconsistent, it may indicate a deeper issue with the JAR. I'd think fast failing could save time by avoiding unnecessary checks.
Removed `return` here, so no fast failing to continue on integrity checking.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23532#discussion_r2017449428
More information about the security-dev
mailing list