[
https://issues.apache.org/jira/browse/FELIX-3610?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13422417#comment-13422417
]
Guillaume Nodet commented on FELIX-3610:
----------------------------------------
Note that the benefit of signing is that those bundles are actually secured.
In my case, only signed bundles can be accessed at runtime -- this can be
checked using Bundle#getSignerCertificates(). So the verification is important
to ensure that only signed code can be accessed at runtime.
> Support runtime verification for signed bundles
> -----------------------------------------------
>
> Key: FELIX-3610
> URL: https://issues.apache.org/jira/browse/FELIX-3610
> Project: Felix
> Issue Type: Improvement
> Components: Framework, Framework Security
> Reporter: Guillaume Nodet
>
> Signed bundles are only checked when installed, but the goal of signed
> bundles is to make sure no one has changed the jar. This is not ensured
> unless bundle entries are verified when loaded.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
