Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cbi-dev] Upcoming changes regarding jar signing in JDK17

The change has been deployed. The output of a signed jar is now

- Signed by "EMAILADDRESS=webmaster@xxxxxxxxxxx, CN="Eclipse.org Foundation, Inc.", OU=IT, O="Eclipse.org Foundation, Inc.", L=Ottawa, ST=Ontario, C=CA"
    Digest algorithm: SHA-256
    Signature algorithm: SHA256withRSA, 2048-bit key
  Timestamped by "CN=Symantec SHA256 TimeStamping Signer - G3, OU=Symantec Trust Network, O=Symantec Corporation, C=US" on Wed May 19 09:14:18 UTC 2021
    Timestamp digest algorithm: SHA-256
    Timestamp signature algorithm: SHA256withRSA, 2048-bit key

jar verified.


Thanks.

Mikaël Barbero 
Manager — Release Engineering and Technology | Eclipse Foundation
🐦 @mikbarbero
Eclipse Foundation: The Platform for Open Innovation and Collaboration

On 11 May 2021, at 14:59, Mikael Barbero <mikael.barbero@xxxxxxxxxxxxxxxxxxxxxx> wrote:

The ticket you mention is unrelated as here I'm talking about the timestamp digest signature algorithm while on the ticket it's about the timestamp signature algorithm. 

Timestamp digest signature of SHA256 will not work with Java before 1.7.0_76 (see https://bugs.openjdk.java.net/browse/JDK-8049480). The question is: do we want to support such old version (8+ years old) of Java, or support the upcoming LTS.

Cheers,

Mikaël Barbero 
Manager — Release Engineering and Technology | Eclipse Foundation
🐦 @mikbarbero
Eclipse Foundation: The Platform for Open Innovation and Collaboration

On 11 May 2021, at 10:11, Mickael Istria <mistria@xxxxxxxxxx> wrote:

Hi Mikael,

https://bugs.eclipse.org/bugs/show_bug.cgi?id=572034 is related and it could be that Equinox wouldn't be able to handle that change at the moment, resulting in p2 failing to install the artifacts. Please ask on https://bugs.eclipse.org/bugs/show_bug.cgi?id=572034 about whether the proposed change would be an occurrence of the bug and break current 4.19; and if 4.20 would fix it.
If it is an occurrence of the bug, then it's a bit tricky to change it now as people won't be able to upgrade. The strategy would be to keep the supported algorithm until 4.20 is released and then switch to newer one.

Cheers,
_______________________________________________
cbi-dev mailing list
cbi-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cbi-dev


Attachment: signature.asc
Description: Message signed with OpenPGP


Back to the top