[mojo-dev] [jira] Commented: (MOJO-263) [webstart] deal with unsigned jars

Thu, 26 Jan 2006 15:12:14 -0800 

    [ http://jira.codehaus.org/browse/MOJO-263?page=comments#action_57079 ] 

Jerome Lacoste commented on MOJO-263:
-------------------------------------

With regard to sign properties in settings.xml, I've been pointed by Brett to 
the fact that one can use profiles under certain conditions (see MNG-860), or 
properties.

See the user mailing list, 
Message-ID: <[EMAIL PROTECTED]>

(message titled "[RFC] [m2] template mecanism in settings.xml (initialy for 
plugin sensitive information)" dated 26 Jan 2006 ).



> [webstart] deal with unsigned jars
> ----------------------------------
>
>          Key: MOJO-263
>          URL: http://jira.codehaus.org/browse/MOJO-263
>      Project: Mojo
>         Type: New Feature

>   Components: sandbox
>     Reporter: Jerome Lacoste

>
>
> There are potential issues when dealing with including such already signed 
> jars in a webstart application.
> In particular see:
> http://jira.codehaus.org/browse/MOJO-7#action_49160
> and the relevant m1 jnlp issues:
> http://jira.codehaus.org/browse/MPJNLP-20
> http://jira.codehaus.org/browse/MPJNLP-28
> According to the feedback I got on the maven user list, I think that, in 
> order to satisfy everybody, we need to:
> - handle already signed jars (MPJNLP-28)
>   - primarily we need the possibility to unsign a jar. That will probably go 
> to jar:unsign.
>   - optionally avoid signing jars that are already signed.
> - optionally clean the Manifest (maven1 jnlp feature, to work around SDK 1.3 
> issue - See MPJNLP-20)
> Did I miss something?
> Now how do we present that to the user?
> We could:
> - assume that every jar will be signed by default
> - let the user list the operation to perform, maybe using something like:
>   <sign>
>     <dname>...</dname>
>     ...
>     <unsign>
>       <dependency>...</dependency>
>     </unsign>
>     <skipSignedJars>true<skipSignedJars>
>     <cleanManifest>true</cleanManifest>
>   </sign>
> Does that look correct?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply via email to