ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 37105] - <SignJar> signing JARs does not work correctly
Date Mon, 30 Jan 2006 18:06:34 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37105>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=37105


stevel@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX




------- Additional Comments From stevel@apache.org  2006-01-30 19:06 -------
Ant hands off signing to the jarsigner task of the JDK; you can see the command
line if you add the -v switch. Dependency logic is limited to checking the dest
file being older than the source, not looking for signatures inside.

If the jarsigner exe feels that your app needs a second signature, then either
it knows what it is doing, or there is something wrong with it. Either way, it
is out of our hands. I'd note that SHA-1-Digest and SHA1-Digest are two
different strings, and maybe both are required. 

As it is, I dont see what it is doing is actually invalid. All it is doing is
signing it with a different cryptography engine. Marking as wontfix as it is out
of our hands.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message