felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Pauls (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FELIX-3610) Support runtime verification for signed bundles
Date Wed, 25 Jul 2012 20:15:33 GMT

    [ https://issues.apache.org/jira/browse/FELIX-3610?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13422569#comment-13422569

Karl Pauls commented on FELIX-3610:

How are you verifying the signatures? I assume you have a BundleSignerCondition or something?
> Support runtime verification for signed bundles
> -----------------------------------------------
>                 Key: FELIX-3610
>                 URL: https://issues.apache.org/jira/browse/FELIX-3610
>             Project: Felix
>          Issue Type: Improvement
>          Components: Framework, Framework Security
>            Reporter: Guillaume Nodet
>            Assignee: Karl Pauls
> Signed bundles are only checked when installed, but the goal of signed bundles is to
make sure no one has changed the jar.    This is not ensured unless bundle entries are verified
when loaded.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message