On Mon, 19 Sep 2022 10:21:30 GMT, Lance Andersen <lan...@openjdk.org> wrote:
> OK, will make another pass at this today

I looked at the latest draft (2bafc00c). I think it would help if the section "Verifying a JarInputStream" were renamed to "Signed JAR files". The link to getManifest makes the reader wonder if they have to call this method, whereas I think what you want to say is that the manifest must be at the start of the stream (as per the first section) and then followed by signature entries.

-------------

PR: https://git.openjdk.org/jdk/pull/10045