Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8166222

Don't treat signed jars with invalid timestamps as unsigned

    XMLWordPrintable

Details

    Description

      We should consider changing the behavior for signed JARs that are timestamped and which the jar signature is valid but the timestamp is not parseable or uses an unsupported or weak algorithm. Currently, it appears that these JARs are treated as completely unsigned. However, it really should be treated as signed but without a timestamp.

      Attachments

        Issue Links

          Activity

            People

              weijun Weijun Wang
              mullan Sean Mullan
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: