Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[eclipse.org-planning-council] Some (more) attention required with respect to signed jars


Please see

https://bugs.eclipse.org/bugs/show_bug.cgi?id=227333

Thanks to STP project (and those that helped them) to get their jars signed.

But, there are still unsigned jars ... and these fall into two categories.

1. org.eclipse.dd jars are unsigned, and there's been some response long ago in the bugzilla (which I interpreted to mean "will be done immediately") but they are not done yet.
Have we waited long enough? (I think you all know how I'd respond ... and given previous discussions I think I know how you all would respond ... but, I'd recommend we have the discussion and an explicit decision made, rather than coasting along).

2. There is one set (of three) that are "partial jars", where some of there content is not being distributed and users have to supply their own content (based on them accepting different license agreements, or something).
So, these jars can not be signed, since users do have to modify them after they are installed.
Given the lateness at which this hole as been discovered, I wouldn't argue too much that they should be excluded from Ganymede ... though I could be persuaded, if someone else wanted to carry that torch ... but would like it made clear that this is not a long term solution and I would advocate that for any future simultaneous releases, if we have any future such efforts, that this hole be plugged and to explicitly disallow unsigned jars (for this particular reason, that is).

So ... Planning Council members, since the rule states "Exceptions authorized by the planning council for technical reasons." it is now is your responsibility to exercise your authority.

Thanks,


Back to the top