[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [cbi-dev] Upcoming changes regarding jar signing in JDK17
|
The change has been deployed. The output of a signed jar is now
Digest algorithm: SHA-256 Signature algorithm: SHA256withRSA, 2048-bit key Timestamped by "CN=Symantec SHA256 TimeStamping Signer - G3, OU=Symantec Trust Network, O=Symantec Corporation, C=US" on Wed May 19 09:14:18 UTC 2021 Timestamp digest algorithm: SHA-256 Timestamp signature algorithm: SHA256withRSA, 2048-bit key
jar verified.
Thanks.
Mikaël Barbero
Manager — Release Engineering and Technology | Eclipse Foundation 🐦 @mikbarbero
The ticket you mention is unrelated as here I'm talking about the timestamp digest signature algorithm while on the ticket it's about the timestamp signature algorithm.
Timestamp digest signature of SHA256 will not work with Java before 1.7.0_76 (see https://bugs.openjdk.java.net/browse/JDK-8049480). The question is: do we want to support such old version (8+ years old) of Java, or support the upcoming LTS.
Cheers,
Mikaël Barbero
Manager — Release Engineering and Technology | Eclipse Foundation 🐦 @mikbarbero
Hi Mikael,
If it is an occurrence of the bug, then it's a bit tricky to change it now as people won't be able to upgrade. The strategy would be to keep the supported algorithm until 4.20 is released and then switch to newer one.
Cheers,
_______________________________________________ cbi-dev mailing list cbi-dev@xxxxxxxxxxxTo unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cbi-dev
|
Attachment:
signature.asc
Description: Message signed with OpenPGP