Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
RE: [eclipse.org-planning-council] Some (more) attention requiredwith respect to signed jars

David,

 

Are you out there? We are too close to the wire to have confusion over this.

 

Can you explain why you think the jars are not signed?

 

Doug

 

From: eclipse.org-planning-council-bounces@xxxxxxxxxxx [mailto:eclipse.org-planning-council-bounces@xxxxxxxxxxx] On Behalf Of Ted Williams
Sent: Wednesday, June 18, 2008 10:49 AM
To: eclipse.org-planning-council
Subject: Re: [eclipse.org-planning-council] Some (more) attention requiredwith respect to signed jars

 


Installing org.eclipse.dd.* from site http://download.eclipse.org/releases/ganymede/staging, Help -> About Eclipse SDK -> Plug-in Details shows a non-broken signed icon with Signing Info "L=Ottawa CN=Eclipse Foundation ST=Ontario OU=Digital ID Class 3 - Java Object Signing O=Eclipse Foundation C=CA"

Is there something more we must do?



David M Williams wrote:


Please see

https://bugs.eclipse.org/bugs/show_bug.cgi?id=227333

Thanks to STP project (and those that helped them) to get their jars signed.

But, there are still unsigned jars ... and these fall into two categories.

1. org.eclipse.dd jars are unsigned, and there's been some response long ago in the bugzilla (which I interpreted to mean "will be done immediately") but they are not done yet.
Have we waited long enough? (I think you all know how I'd respond ... and given previous discussions I think I know how you all would respond ... but, I'd recommend we have the discussion and an explicit decision made, rather than coasting along).

2. There is one set (of three) that are "partial jars", where some of there content is not being distributed and users have to supply their own content (based on them accepting different license agreements, or something).
So, these jars can not be signed, since users do have to modify them after they are installed.
Given the lateness at which this hole as been discovered, I wouldn't argue too much that they should be excluded from Ganymede ... though I could be persuaded, if someone else wanted to carry that torch ... but would like it made clear that this is not a long term solution and I would advocate that for any future simultaneous releases, if we have any future such efforts, that this hole be plugged and to explicitly disallow unsigned jars (for this particular reason, that is).

So ... Planning Council members, since the rule states "Exceptions authorized by the planning council for technical reasons." it is now is your responsibility to exercise your authority.

Thanks,


 


 
_______________________________________________
eclipse.org-planning-council mailing list
eclipse.org-planning-council@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/eclipse.org-planning-council
 
IMPORTANT: Membership in this list is generated by processes internal to the Eclipse Foundation.  To be permanently removed from this list, you must contact emo@xxxxxxxxxxx to request removal.

 


Back to the top