Return-Path: 
 <dev-return-32098-apmail-felix-dev-archive=felix.apache.org@felix.apache.org>
X-Original-To: apmail-felix-dev-archive@www.apache.org
Delivered-To: apmail-felix-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 6F309D653
	for <apmail-felix-dev-archive@www.apache.org>;
 Wed, 25 Jul 2012 20:15:36 +0000 (UTC)
Received: (qmail 44722 invoked by uid 500); 25 Jul 2012 20:15:36 -0000
Delivered-To: apmail-felix-dev-archive@felix.apache.org
Received: (qmail 44680 invoked by uid 500); 25 Jul 2012 20:15:36 -0000
Mailing-List: contact dev-help@felix.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@felix.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@felix.apache.org>
List-Post: <mailto:dev@felix.apache.org>
List-Id: <dev.felix.apache.org>
Reply-To: dev@felix.apache.org
Delivered-To: mailing list dev@felix.apache.org
Received: (qmail 44671 invoked by uid 99); 25 Jul 2012 20:15:36 -0000
Received: from issues-vm.apache.org (HELO issues-vm) (140.211.11.160)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 25 Jul 2012 20:15:36 +0000
Received: from isssues-vm.apache.org (localhost [127.0.0.1])
	by issues-vm (Postfix) with ESMTP id D5EE9140B94
	for <dev@felix.apache.org>; Wed, 25 Jul 2012 20:15:35 +0000 (UTC)
Date: Wed, 25 Jul 2012 20:15:33 +0000 (UTC)
From: "Karl Pauls (JIRA)" <jira@apache.org>
To: dev@felix.apache.org
Message-ID: <1610208762.102757.1343247335878.JavaMail.jiratomcat@issues-vm>
In-Reply-To: <1617987772.101836.1343234734945.JavaMail.jiratomcat@issues-vm>
Subject: [jira] [Commented] (FELIX-3610) Support runtime verification for
 signed bundles
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/FELIX-3610?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13422569#comment-13422569 ] 

Karl Pauls commented on FELIX-3610:
-----------------------------------

How are you verifying the signatures? I assume you have a BundleSignerCondition or something?
                
> Support runtime verification for signed bundles
> -----------------------------------------------
>
>                 Key: FELIX-3610
>                 URL: https://issues.apache.org/jira/browse/FELIX-3610
>             Project: Felix
>          Issue Type: Improvement
>          Components: Framework, Framework Security
>            Reporter: Guillaume Nodet
>            Assignee: Karl Pauls
>
> Signed bundles are only checked when installed, but the goal of signed bundles is to make sure no one has changed the jar.    This is not ensured unless bundle entries are verified when loaded.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira