Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8166222

Don't treat signed jars with invalid timestamps as unsigned

XMLWordPrintable

      We should consider changing the behavior for signed JARs that are timestamped and which the jar signature is valid but the timestamp is not parseable or uses an unsupported or weak algorithm. Currently, it appears that these JARs are treated as completely unsigned. However, it really should be treated as signed but without a timestamp.

            weijun Weijun Wang
            mullan Sean Mullan
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: