Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] jar signing date

There is some discussion of this in the following bug:

To insert the date when signing, you need to obtain a date stamp from a time stamp authority (TSA). Essentially this is so you can trust that the time stamp is correct because it comes from a trusted third party. When I investigated this, I found there are providers that sell timestamps at a fixed cost per timestamp, or there is possibly the option of setting up your own timestamp server. In any case, it's non-trivial to set this up, and the benefit is questionable if you keep renewing your certificate. As far as I know, the timestamp only comes into play if the certificate expires or is revoked.


"Ted Kubaska" <ted.kubaska@xxxxxxxxx>
Sent by: cross-project-issues-dev-bounces@xxxxxxxxxxx

05/08/2008 12:10 PM

Please respond to
Cross project issues <cross-project-issues-dev@xxxxxxxxxxx>

[cross-project-issues-dev] jar signing date

I noticed that the signing date for Eclipse plugins is listed as
Unknown. Help->About Eclipse SDK->Plugin Details->Show Signing Info.

Should we be setting this date somehow?

cross-project-issues-dev mailing list

Back to the top