On Tue, 17 Jan 2023 22:10:44 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> @wangweij >> >> I initially removed this code, then restored it because I thought the >> original author might have intended to future-proof the test. It also serves >> as a sort of documentation of the implicit assumtions the test makes about >> the permitted state of digest algorithms in the JVM. >> >> I have now instead added a method which explicitly asserts that MD5 is >> disabled and SHA256 is permitted in the very beginning of the test. This way >> the assumtions are made clear and the test will fail clear and loudly should >> these assumtions fail in the future. >> >> What do you think of this update? > > That's OK, but believe me if one day SHA-256 is disabled we will update a lot > of tests anyway. True, making assumptions clear is maybe more important than future-proofing here. (Although we do actually have at least one example of a signed jar test today where the jar is no longer treated as signed because the jar was signed with SHA-1 before 2019. See VerifySignedJar which seems to not actually test much) ------------- PR: https://git.openjdk.org/jdk/pull/11997
