Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Newcomers » Newcomers » Expired Eclipse Foundation Inc Certificate (update eclipse)
Expired Eclipse Foundation Inc Certificate [message #1844766] Fri, 24 September 2021 13:33 Go to next message
Scott Messner is currently offline Scott MessnerFriend
Messages: 3
Registered: September 2021
Junior Member
I'm trying to very generally update eclipse -- hoping to get the latest from 2021-09. However the process blocks with a Certificates Dialog asking me "Do you trust these certificates?". In the list there is one cert: "Eclipse Foundation\, Inc; Java Software Code Signing; Sun Microsystems Inc". When I open the "Details" dialog to check the certificate I can see that it is expired since April 25, 2020. Is this normal ? Should I be trusting expired certs just to upgrade Eclipse ?

Thanks in advance for any feedback.

index.php/fa/41017/0/

Report message to a moderator

Re: Expired Eclipse Foundation Inc Certificate [message #1844772 is a reply to message #1844766] Fri, 24 September 2021 14:42 Go to previous messageGo to next message
Ed Merks is currently offline Ed MerksFriend
Messages: 33140
Registered: July 2009
Senior Member
Yes, it's unfortunately normal that old bundles that don't change for a long time are not resigned. I generate a report for the repositories release train repositories:

https://download.eclipse.org/oomph/archive/reports/download.eclipse.org/releases/2021-12/http___download.eclipse.org_releases_2021-09_202109151000.html

In that report you can see there are three bundles that use this certificate. The report doesn't include the validity dates which would be nice because then I would realize it's a bit problematic.

In any case, a securely signed jar doesn't become insecure on the day the certificate expires...

Ed Merks
Professional Support: https://www.macromodeling.com/

Report message to a moderator

Re: Expired Eclipse Foundation Inc Certificate [message #1844773 is a reply to message #1844772] Fri, 24 September 2021 15:45 Go to previous messageGo to next message
Scott Messner is currently offline Scott MessnerFriend
Messages: 3
Registered: September 2021
Junior Member
No Message Body

Report message to a moderator

Re: Expired Eclipse Foundation Inc Certificate [message #1844774 is a reply to message #1844773] Fri, 24 September 2021 15:51 Go to previous messageGo to next message
Scott Messner is currently offline Scott MessnerFriend
Messages: 3
Registered: September 2021
Junior Member
Thank you Ed Merks,
That calms the majority of my worries. I'll resume my upgrade then!
Sub-question would be how the certs are used to imply validity -- anything I can read on the subject ? In any case, I'm assuming a malicious party can't acquire these expired certs and re-sign their own jar so we're good in that respect. Cheers.

Report message to a moderator

Re: Expired Eclipse Foundation Inc Certificate [message #1844845 is a reply to message #1844772] Tue, 28 September 2021 01:48 Go to previous messageGo to next message
Nitin Dahyabhai is currently offline Nitin DahyabhaiFriend
Messages: 4435
Registered: July 2009
Senior Member
How's that report generated, Ed? Is it the kind of thing where someone could contribute that kind of functionality?

_
Nitin Dahyabhai
Eclipse Web Tools Platform

Report message to a moderator

Re: Expired Eclipse Foundation Inc Certificate [message #1844861 is a reply to message #1844845] Tue, 28 September 2021 09:10 Go to previous message
Ed Merks is currently offline Ed MerksFriend
Messages: 33140
Registered: July 2009
Senior Member
If you setup up the Oomph development environment https://ci.eclipse.org/oomph/ it's org.eclipse.oomph.p2.internal.core.RepositoryIntegrityAnalyzer. I have to confess that it's a bit of a monstrosity though...

If I didn't make a mistake, it seems a great many bundles are old and have signatures with expired certificates:

https://download.eclipse.org/oomph/archive/reports/download.eclipse.org/releases/2021-12/http___download.eclipse.org_releases_2021-09_202109151000.html

Ed Merks
Professional Support: https://www.macromodeling.com/

Report message to a moderator

Previous Topic:Exception in thread "main" java.lang.ExceptionInInitializerError
Next Topic:packages installation
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Apr 25 15:01:28 GMT 2024

Powered by FUDForum. Page generated in 0.08724 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly