ant-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 27596] no way to verify JAR files as validly signed in Ant. (was: signjar should support the -verify and -certs options)
Date Tue, 19 May 2009 11:01:01 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=27596





--- Comment #6 from Emmanuel Bourg <ebourg@apache.org>  2009-05-19 04:01:00 PST ---
I understand it's not perfect, the task is 'as bad' as the jarsigner tool, but
it's still useful. For example when you sign and pack your own jar files (with
pack200), running 'jarsigner -verify' is a must to ensure that the
repack+sign+pack process was done properly.

I use <verifyjar> to check the jars produced by my build and signed with my
certificate. The fact that the validity of the certificate is not checked is
irrelevant in this case. It doesn't tell if the jar can be trusted, it tells if
the jar is corrupted and will break when loaded by the Java Plugin.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Mime
View raw message