On Mon, 12 May 2025 01:08:34 GMT, Jaikiran Pai <j...@openjdk.org> wrote:
> In addition to Lance's investigation, I also ran some experiments against a > large number of jars. The results show that none of them are impacted by this > change. More specifically, like Lance notes, the CRC values for the case of > empty file data (or directory), the CRC is always 0. So the proposed change > in this PR isn't expected to run into a JAR/ZIP which will trigger an > exception when this CRC is now checked for such entries. Thanks for the investigations, this helps with the confidence that this isn't going to be disruptive. The main concern with any tightening of validation is that a popular tool or plugin is generated ZIP or JAR files that fail this validation. So I think the change is okay and if something comes up then we still have the option of introducing a compatibility knob in the future. ------------- PR Comment: https://git.openjdk.org/jdk/pull/25116#issuecomment-2871116967
