More info: This link for Eclipse Jar signing: http://wiki.eclipse.org/JAR_Signing
This link for 3rd party (that would include ASF) Jar signing performance issues: http://wiki.eclipse.org/JAR_Signing#What_effect_does_signing_have_on_runtime_behaviour.3F On 12/5/2011 10:30 AM, Marshall Schor wrote: > Every time people install one of our plugins, they get a warning message about > installing "unsigned" Jars. > > We do "sign" the Jars, but not with Eclipse Jar-signing techniques, which (if > I > recall correctly) require a "Certificate" issued by an officially sanctioned > certificating agency (for a fee). > > We sign our Jars using the same PGP method we use for other Jars, which > generates an .asc file. > > Is there any way to tie these two methods together, so our Eclipse Jars appear > "signed" by Eclipse? > > -Marshall >
