Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[eclipse-dev] Signed integration builds

Starting with build I20060412-0847, all JARs in the Eclipse SDK are signed (http://en.wikipedia.org/wiki/Code_signing).  However, the JARs are currently being signed with a test certificate as we iron out the signing process and get the real certificates installed.  This means when you install content from these builds via an update site, you will be prompted that you are about to install content that has been signed with a valid certificate by an unknown party.  Specifically, you will be presented with the following certificate details:

CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Valid between "10-Apr-2006" and "9-Jul-2006".
Valid certificate.

I am just sending this note so people aren't surprised by this dialog (previously, it warned you that you were installing unsigned content).  Of course this certificate gives you absolutely no measure of security, but it is a step in the right direction.  Soon this certificate will be replaced with a certificate from a widely trusted source (https://bugs.eclipse.org/bugs/show_bug.cgi?id=130943).

Back to the top