Name: pa48320 Date: 01/12/2001

The package versioning spec allows the manifest to declare version numbers, etc. per-package. Signing such a jar with jarsigner removes the package-specific information.

to recreate, create dummy files foo and bar/baz

create a jar containing foo and bar/baz with the following command:
jar cfm j.jar j.mf foo bar\baz

The contents of j.mf are as follows:

Name: bar/
Specification-Title: bar
Specification-Vendor: acme
Specification-Version: 1.0
Implementation-Title: bar stuff
Implementation-Vendor: acme
Implementation-Version: 0.7

Note that the content of j.mf is meant to be per-entry information. Make sure j.mf starts with a blank line.

inspect j.jar and verify that the manifest contains:
Manifest-Version: 1.0
Created-By: 1.3.0_01 (Sun Microsystems Inc.)

Name: bar/
Specification-Title: bar
Specification-Vendor: acme
Implementation-Vendor: acme
Specification-Version: 1.0
Implementation-Version: 0.7
Implementation-Title: bar stuff

sign j.jar with jarsigner (RSA). Inspect j.jar and note that the manifest contents are now:
Manifest-Version: 1.0
Created-By: 1.3.0_01 (Sun Microsystems Inc.)

Name: bar/baz
SHA1-Digest: 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

Name: foo
SHA1-Digest: 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

All of the per-entry (or per-package) package versioning information is gone.
======================================================================