[ http://jira.codehaus.org/browse/MOJO-263?page=all ]
Jerome Lacoste reassigned MOJO-263:
-----------------------------------
Assign To: Jerome Lacoste
> [webstart] deal with unsigned jars
> ----------------------------------
>
> Key: MOJO-263
> URL: http://jira.codehaus.org/browse/MOJO-263
> Project: Mojo
> Type: New Feature
> Components: sandbox
> Reporter: Jerome Lacoste
> Assignee: Jerome Lacoste
>
>
> There are potential issues when dealing with including such already signed
> jars in a webstart application.
> In particular see:
> http://jira.codehaus.org/browse/MOJO-7#action_49160
> and the relevant m1 jnlp issues:
> http://jira.codehaus.org/browse/MPJNLP-20
> http://jira.codehaus.org/browse/MPJNLP-28
> According to the feedback I got on the maven user list, I think that, in
> order to satisfy everybody, we need to:
> - handle already signed jars (MPJNLP-28)
> - primarily we need the possibility to unsign a jar. That will probably go
> to jar:unsign.
> - optionally avoid signing jars that are already signed.
> - optionally clean the Manifest (maven1 jnlp feature, to work around SDK 1.3
> issue - See MPJNLP-20)
> Did I miss something?
> Now how do we present that to the user?
> We could:
> - assume that every jar will be signed by default
> - let the user list the operation to perform, maybe using something like:
> <sign>
> <dname>...</dname>
> ...
> <unsign>
> <dependency>...</dependency>
> </unsign>
> <skipSignedJars>true<skipSignedJars>
> <cleanManifest>true</cleanManifest>
> </sign>
> Does that look correct?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
