I'm trying to understand how Felix verify the classes signatures but I don't see anything around that. It seems to me that in a non OSGi environment, the classes will be verified by the class loader when loaded from a jar mainly because the java.util.jar.JarFile does the signature verification when loading an entry (i.e. a class) from the jar file. However, Felix does not use the JarFile class and uses a custom ZipFile instead. So it looks like the whole signed jars mechanism does not really work. Am I right, or do I miss something here ?
-- ------------------------ Guillaume Nodet ------------------------ Blog: http://gnodet.blogspot.com/ ------------------------ FuseSource, Integration everywhere http://fusesource.com
