[
https://issues.apache.org/jira/browse/FELIX-3147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13120713#comment-13120713
]
Andie Similon commented on FELIX-3147:
--------------------------------------
Yes. But as far as I can see, the code that handles the zipfiles (well the jar
files) doesn't do any verification of the signature.
> Check whether bundle jar is signed
> ----------------------------------
>
> Key: FELIX-3147
> URL: https://issues.apache.org/jira/browse/FELIX-3147
> Project: Felix
> Issue Type: Improvement
> Components: Framework
> Affects Versions: framework-3.0.9
> Reporter: Andie Similon
> Priority: Minor
>
> I am not sure but it seems to be that when loading a bundle it will not
> verify the signature of the bundle. I can self sign a bundle and then change
> its contents and the framework will not throw a SecurityException. Is this
> intended?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
