Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] Yet another nag note ... and, I mean it this time!

I believe these expired certificates cause P2 to download both pack.gz
and jar flavours of the same artifact when Eclipse is running on SUN
Java 7. At least this is the behaviour I see with Juno M7 P2 runtime
included with Tycho. Don't know if newer P2 behaves differently or if
the problem is limited to Tycho.


On 12-05-24 10:27 AM, Denis Roy wrote:
On 05/24/2012 06:30 AM, Stephan Herrmann wrote:
On 05/24/2012 06:40 AM, David M Williams wrote:
Look at these reports:

Looking at verified.txt I see lots of
   "jar verified.  Warning:  This jar contains entries whose signer
certificate has expired.   Re-run with the -verbose and -certs options
for more details."

It seems to fix this we'd have to re-build and sign ALL jars that
have been signed before the switch to the new certificate and never
changed since?

Technically, you don't need to rebuild and resign your jars.  It's just
a warning that the certificate used is now expired, but the signature is
perfectly valid.

If you absolutely want to eliminate the warning, just re-sign the jars
with the new cert.  No need to rebuild them.

cross-project-issues-dev mailing list

Back to the top