Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8166222

Don't treat signed jars with invalid timestamps as unsigned

    XMLWordPrintable

    Details

      Description

      We should consider changing the behavior for signed JARs that are timestamped and which the jar signature is valid but the timestamp is not parseable or uses an unsupported or weak algorithm. Currently, it appears that these JARs are treated as completely unsigned. However, it really should be treated as signed but without a timestamp.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              weijun Weijun Wang
              Reporter:
              mullan Sean Mullan
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: