Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[cross-project-issues-dev] An important change in Orbit bundles coming (for post M5) -- signed bundles

I know we've just finished Ganymede M5 ... well, not even sure it is completely finished yet ... but for those of you that have
started on your M6 work, there is a new I-build from Orbit that is the first to have signed bundles.

Hopefully this is only goodness, but there is some chance for complications and we in Orbit
can never know about it, so we depend on consuming projects to let us know if problems.
So ... good time to get started for M6!

The main problem to watch for is that there could end up being some (large) performance penalty
in some cases. From the Platform's experiences, this can occur if the code uses it's own custom
classloaders and ends up re-loading (and hence re-verifying) the class over and over again.

for more information about signing and issues to be aware of.

Some of you projects may have already been signing these jars as part of your own build process.
As far as we can tell, it doesn't hurt if you continue to do so. From our tiny experiments in Orbit,
it turns into basically a "no-op" but each file is still processed so you may gain some slight build-time performance improvement
if you tell your build process to skip those that are already signed by Orbit. Currently the only way to do
that is to maintain your own list to pass to the JarProcessor (See bug 174475).


Back to the top