Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] jar signing date


There is some discussion of this in the following bug:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=124114

To insert the date when signing, you need to obtain a date stamp from a time stamp authority (TSA). Essentially this is so you can trust that the time stamp is correct because it comes from a trusted third party. When I investigated this, I found there are providers that sell timestamps at a fixed cost per timestamp, or there is possibly the option of setting up your own timestamp server. In any case, it's non-trivial to set this up, and the benefit is questionable if you keep renewing your certificate. As far as I know, the timestamp only comes into play if the certificate expires or is revoked.

John




"Ted Kubaska" <ted.kubaska@xxxxxxxxx>
Sent by: cross-project-issues-dev-bounces@xxxxxxxxxxx

05/08/2008 12:10 PM

Please respond to
Cross project issues <cross-project-issues-dev@xxxxxxxxxxx>

To
cross-project-issues-dev@xxxxxxxxxxx
cc
Subject
[cross-project-issues-dev] jar signing date





I noticed that the signing date for Eclipse plugins is listed as
Unknown. Help->About Eclipse SDK->Plugin Details->Show Signing Info.

Should we be setting this date somehow?

--
-Ted
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev


Back to the top