Hi Sean,

I think the changes look good including the proposed tweaks to the message 
suggested by Alan.

Best
Lance

> On Jul 2, 2020, at 4:10 AM, Seán Coffey <sean.cof...@oracle.com> wrote:
> 
> Thanks for the review Alan. I'm in contact with Max already about possible 
> follow up enhancements in this area. It would be worked via a follow on JBS 
> record.
> 
> Regarding the error message, I'm fine with your suggestion. We can go with 
> this then:
> "POSIX file permission attributes detected. These attributes are ignored when 
> signing and are not protected by the signature."
> 
> regards,
> Sean.
> 
> On 02/07/2020 08:59, Alan Bateman wrote:
>> On 30/06/2020 14:51, Seán Coffey wrote:
>>> 
>>> :
>>> 
>>> During the CSR review, a suggestion was made to have jarsigner preserve 
>>> such attributes by default. Warnings about these attributes will also be 
>>> added during signing and verify operations (if detected).
>>> 
>> Yes, signing should be additive so the original proposal to drop information 
>> from the UNIX extra block would be surprising. The intersection of those 
>> using zip/other tools to create zip files and then signing them with 
>> jarsigner is probably small but it would still be confusing for signing to 
>> lose information. Having jarsigner refuse to sign these zip files by 
>> default, with an option to override, would be a reasonable approach. The 
>> current proposal to print a warning seems okay too.
>> 
>> I've skimmed through webrev.8218021.v5 which has this warning:
>> 
>> "POSIX file permission attributes detected. Note that these attributes are 
>> unsigned and not protected by the signature."
>> 
>> I realize you've agreed this with the other Reviewers but I think that "Note 
>> that these attributes are unsigned ..." is confusing as it could be 
>> interpreted to mean that they have to be signed by some other means, or even 
>> that the warning is because they are using unsigned values.
>> 
>> It might be better to tweak the second part to make it a bit clearer, up to 
>> you but something like "These attributes are ignored when signing and are 
>> not protected by the signature".
>> 
>> -Alan


Best
Lance
------------------




Lance Andersen| Principal Member of Technical Staff | +1.781.442.2037
Oracle Java Engineering 
1 Network Drive 
Burlington, MA 01803
lance.ander...@oracle.com
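
The point behind the warning text, as an added example that is not part of this thread or of the jarsigner patch: two archives that differ only in an entry's POSIX mode yield identical per-entry content digests, and JAR manifest digests cover entry contents. The archive, entry names and helper functions are constructed for illustration, and the check assumes the mode is stored in the central directory's external attributes field, as Info-ZIP style tools write it.

```python
import hashlib
import io
import stat
import zipfile

UNIX_HOST = 3                  # "version made by" host value for UNIX in the ZIP format
STAMP = (2020, 7, 2, 0, 0, 0)  # fixed timestamp so the sample archives are reproducible


def build_zip(mode):
    """Constructed sample archive: one entry carrying `mode`, one with no POSIX mode."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        script = zipfile.ZipInfo("bin/run.sh", date_time=STAMP)
        script.create_system = UNIX_HOST
        script.external_attr = (stat.S_IFREG | mode) << 16
        zf.writestr(script, b"#!/bin/sh\necho hello\n")
        plain = zipfile.ZipInfo("README.txt", date_time=STAMP)
        plain.create_system = 0  # MS-DOS/FAT host: no POSIX mode recorded
        zf.writestr(plain, b"constructed sample\n")
    return buf.getvalue()


def posix_entries(data):
    """Return {entry name: permission bits} for entries that carry POSIX modes."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            perms = stat.S_IMODE(info.external_attr >> 16)
            if info.create_system == UNIX_HOST and perms:
                found[info.filename] = perms
    return found


def content_digests(data):
    """SHA-256 over each entry's bytes; the mode bits are not part of this input."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {n: hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}


if __name__ == "__main__":
    a, b = build_zip(0o644), build_zip(0o755)
    print("archives identical:", a == b)
    print("content digests identical:", content_digests(a) == content_digests(b))
    for name, perms in posix_entries(b).items():
        print(f"POSIX file permission attributes detected: {name} {oct(perms)}")
```
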



