Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cbi-dev] Upcoming changes regarding jar signing in JDK17
The ticket you mention is unrelated as here I'm talking about the timestamp digest signature algorithm while on the ticket it's about the timestamp signature algorithm. 

Timestamp digest signature of SHA256 will not work with Java before 1.7.0_76 (see https://bugs.openjdk.java.net/browse/JDK-8049480). The question is: do we want to support such old version (8+ years old) of Java, or support the upcoming LTS.

Cheers,

Mikaël Barbero 
Manager — Release Engineering and Technology | Eclipse Foundation
🐦 @mikbarbero
Eclipse Foundation: The Platform for Open Innovation and Collaboration

On 11 May 2021, at 10:11, Mickael Istria <mistria@xxxxxxxxxx> wrote:

Hi Mikael,

https://bugs.eclipse.org/bugs/show_bug.cgi?id=572034 is related and it could be that Equinox wouldn't be able to handle that change at the moment, resulting in p2 failing to install the artifacts. Please ask on https://bugs.eclipse.org/bugs/show_bug.cgi?id=572034 about whether the proposed change would be an occurrence of the bug and break current 4.19; and if 4.20 would fix it.
If it is an occurrence of the bug, then it's a bit tricky to change it now as people won't be able to upgrade. The strategy would be to keep the supported algorithm until 4.20 is released and then switch to newer one.

Cheers,
_______________________________________________
cbi-dev mailing list
cbi-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cbi-dev

Attachment: signature.asc
Description: Message signed with OpenPGP

Back to the top