From:
cross-project-issues-dev-bounces@xxxxxxxxxxx
[mailto:cross-project-issues-dev-bounces@xxxxxxxxxxx] On Behalf Of David
M Williams
Sent: Saturday, February 23, 2008 12:15 AM
To: cross-project-issues-dev@xxxxxxxxxxx
Subject: [cross-project-issues-dev] An important change in Orbit bundles
coming (for post M5) -- signed bundles
I know we've
just finished Ganymede M5 ... well, not even sure it is completely finished yet
... but for those of you that have
started on your
M6 work, there is a new I-build from
Orbit
that is the first to have signed bundles.
Hopefully this
is only goodness, but there is some chance for complications and we in Orbit
can never know
about it, so we depend on consuming projects to let us know if problems.
So ... good
time to get started for M6!
The main
problem to watch for is that there could end up being some (large) performance
penalty
in some cases.
>From the Platform's experiences, this can occur if the code uses it's own
custom
classloaders
and ends up re-loading (and hence re-verifying) the class over and over again.
See http://wiki.eclipse.org/JAR_Signing
for more
information about signing and issues to be aware of.
Some of you
projects may have already been signing these jars as part of your own build
process.
As far as we
can tell, it doesn't hurt if you continue to do so. From our tiny experiments
in Orbit,
it turns into
basically a "no-op" but each file is still processed so you may gain
some slight build-time performance improvement
if you tell
your build process to skip those that are already signed by Orbit. Currently
the only way to do
that is to
maintain your own list to pass to the JarProcessor (See bug 174475).
Thanks,