DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18876>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18876 signjar is incorrect to its documentation Summary: signjar is incorrect to its documentation Product: Ant Version: 1.5.3 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: Other Component: Core tasks AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The signjar task strongly suggests that the jar attribute is required, and that a fileset may be used for jar specification. In fact either, but not both, of jar and fileset can specify the file(s) to sign. It strongly suggests that files will only be signed if they were unsigned, where this action also requires lazy="true". It uses the full alias to validate if the signature file exists, whereas the definition of jarsigner's default is that only the first 8 characters of the alias will be used. The sigfile is used to specify a signature file other than the alias, but this is never checked in signjar. I will attach a suggested update to signjar.java and signjar.html to ease the confusion of trying to optimally sign jars.
