[ http://jira.codehaus.org/browse/MOJO-263?page=comments#action_65228 ]
Holger Brands commented on MOJO-263: ------------------------------------ Isn't it problematic to unsign already signed jars and sign it with another certificate ? Consider for example Java Help jar from Sun. Is it allowed to unsign this jar ? Until now, I thought the only solution is to use the component extension mechansim outlined here: http://java.sun.com/j2se/1.5.0/docs/guide/javaws/developersguide/faq.html#213 What do you think ? > [webstart] deal with unsigned jars > ---------------------------------- > > Key: MOJO-263 > URL: http://jira.codehaus.org/browse/MOJO-263 > Project: Mojo > Type: New Feature > Components: webstart > Reporter: Jerome Lacoste > Assignee: Jerome Lacoste > > > There are potential issues when dealing with including such already signed > jars in a webstart application. > In particular see: > http://jira.codehaus.org/browse/MOJO-7#action_49160 > and the relevant m1 jnlp issues: > http://jira.codehaus.org/browse/MPJNLP-20 > http://jira.codehaus.org/browse/MPJNLP-28 > According to the feedback I got on the maven user list, I think that, in > order to satisfy everybody, we need to: > - handle already signed jars (MPJNLP-28) > - primarily we need the possibility to unsign a jar. That will probably go > to jar:unsign. > - optionally avoid signing jars that are already signed. > - optionally clean the Manifest (maven1 jnlp feature, to work around SDK 1.3 > issue - See MPJNLP-20) > Did I miss something? > Now how do we present that to the user? > We could: > - assume that every jar will be signed by default > - let the user list the operation to perform, maybe using something like: > <sign> > <dname>...</dname> > ... > <unsign> > <dependency>...</dependency> > </unsign> > <skipSignedJars>true<skipSignedJars> > <cleanManifest>true</cleanManifest> > </sign> > Does that look correct? -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
