RFR 8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar

Bernd Eckenfels ecki at zusammenkunft.net
Wed Oct 19 20:30:09 UTC 2016


Am Wed, 19 Oct 2016 16:13:24 -0400
schrieb Sean Mullan <sean.mullan at oracle.com>:

> 150                 "The jar will be treated as unsigned, because it
> is signed with a weak algorithm that is now disabled.\n\nRe-run
> jarsigner with the -verbose option for more details."},

I also wondered: what if there are multiple signatures. So a "because
it is signed only with weak algorithms" might be better?

Gruss
Bernd


More information about the security-dev mailing list