Re: [cross-project-issues-dev] jar signing date

[John Arthorne <John_Arthorne@xxxxxxxxxx>]

There is some discussion of this in
the following bug:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=124114

To insert the date when signing, you
need to obtain a date stamp from a time stamp authority (TSA). Essentially
this is so you can trust that the time stamp is correct because it comes
from a trusted third party. When I investigated this, I found there are
providers that sell timestamps at a fixed cost per timestamp, or there
is possibly the option of setting up your own timestamp server. In any
case, it's non-trivial to set this up, and the benefit is questionable
if you keep renewing your certificate. As far as I know, the timestamp
only comes into play if the certificate expires or is revoked.

John

"Ted Kubaska" <ted.kubaska@xxxxxxxxx>
Sent by: cross-project-issues-dev-bounces@xxxxxxxxxxx

05/08/2008 12:10 PM

Please respond to
Cross project issues <cross-project-issues-dev@xxxxxxxxxxx>

To	cross-project-issues-dev@xxxxxxxxxxx
cc
Subject	[cross-project-issues-dev] jar signing date

I noticed that the signing date for Eclipse plugins
is listed as
Unknown. Help->About Eclipse SDK->Plugin Details->Show Signing
Info.

Should we be setting this date somehow?

-- 
 -Ted
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev