Re: ZipFile.isSignatureRelated returns true for files in META-INF subdirectories

2023-01-13 Thread Sean Mullan
Sure, no problem. I filed https://bugs.openjdk.org/browse/JDK-8300140 for this issue.
Thanks, Sean
On 1/13/23 12:22 PM, Eirik Bjørsnøs wrote:
Sean, I'm not an Author (yet! :), so I can't log in to JBS and create issues. I guess the title and description of the draft PR could serve as a star

Re: ZipFile.isSignatureRelated returns true for files in META-INF subdirectories

2023-01-13 Thread Eirik Bjørsnøs
Sean, I'm not an Author (yet! :), so I can't log in to JBS and create issues. I guess the title and description of the draft PR could serve as a starting point for a bug. Note that the Jar File Specification does explicitly say: "Note that if such files are located in META-INF subdirectories, t

Re: ZipFile.isSignatureRelated returns true for files in META-INF subdirectories

2023-01-13 Thread Sean Mullan
Off hand it seems like a bug to me, can you file one? The jar specification says that the SF file resides in the META-INF directory and says nothing about subdirectories.
--Sean
On 1/13/23 6:40 AM, Eirik Bjørsnøs wrote:
Thanks for forwarding me to the right list, Alan
For context, I posted a

Re: ZipFile.isSignatureRelated returns true for files in META-INF subdirectories

2023-01-13 Thread Eirik Bjørsnøs
Thanks for forwarding me to the right list, Alan
For context, I posted a follow-up on the core-libs-dev thread yesterday showing that some other methods have the same problem: https://mail.openjdk.org/pipermail/core-libs-dev/2023-January/098656.html
And here's a draft PR for a fix, including a t

Re: ZipFile.isSignatureRelated returns true for files in META-INF subdirectories

2023-01-13 Thread Alan Bateman
Forwarding to security-dev as that is where issues around signed JARs are usually discussed.
-Alan.
On 10/01/2023 17:00, Eirik Bjørsnøs wrote:
Hi,
ZipFile.isSignatureRelated currently returns true for paths such as the following: META-INF/libraries/org.bouncycastle:bcprov-jdk15on:jar-1.