The “new” was introduced for some reason in JDK 1.8 documentation but this has been there since JDK 1.0 documentation which I can’t find but it’s also there since JDK 2.0 [1].
The deployment guide will be updated. Chris [1] http://docs.oracle.com/javafx/2/deployment/javafx_ant_task_reference001.htm <http://docs.oracle.com/javafx/2/deployment/javafx_ant_task_reference001.htm> > On Dec 13, 2016, at 3:52 PM, Stefan Fuchs <snfu...@gmx.de> wrote: > > Well, in Java 8 <fx:signjar> is part of the javafx_ant_task reference [1] > and advertised as being the new and more efficient way to sign jars [2] > > Anyway, perhaps the deprecation message for <fx:signjar> could be enhanced to > point to https://ant.apache.org/manual/Tasks/signjar.html as the recommended > way to sign jars. > The Deployment Guide should be updated as well. > > - Stefan > > > [1] > http://docs.oracle.com/javase/8/docs/technotes/guides/deploy/javafx_ant_task_reference.html#CIADDAEE > [2] > http://docs.oracle.com/javase/8/docs/technotes/guides/deploy/packaging.html#BABJGFBH > > > > David DeHaven wrote: >> This is only signing via the <fx:signjar> mechanism, which was never fully >> supported or part of any standard. To sign webstart applications (even FX >> apps) just use jarsigner or the associated ant signjar task. >> >> -DrD- >> >> [1] https://ant.apache.org/manual/Tasks/signjar.html >> >>> On Dec 13, 2016, at 11:02 AM, Stefan Fuchs <snfu...@gmx.de> wrote: >>> >>> Hi Chris, >>> >>> well I think reason number 1 is not correct. The definition of self signed >>> depends on who created the signing key. If you created it yourself, it is a >>> self signed jar and will rightfully be blocked. >>> If you however obtained the signing key from a Certification Authority, >>> that java accepts, it is not a self signed jar and will not be blocked. >>> This is a perfectly valid usecase for fxsign jar. >>> >>> For the 2nd reason: I don't think many users will go modular for Webstart >>> Applications. Normally you simply pack all your classes in a single big >>> jar-file (and perhaps a second, if you use a preloader). >>> This avoids various network round trips, when the application starts and >>> makes deployment much easier. >>> >>> >>> Stefan >>> >>>> Hi Stefan, >>>> >>>> Yes, it is being deprecated. It will continue to function as it has. Two >>>> main reasons for the deprecation are: >>>> >>>> 1. Self signed jars are blocked and sign as blob is a self signed jars. >>>> >>>> 2. There will be a replacement for modules that will be better. >>>> >>>> Chris >>>> >>>> >>>>> On Dec 12, 2016, at 11:56 PM, Stefan Fuchs <snfu...@gmx.de> wrote: >>>>> >>>>> Hi, >>>>> >>>>> so blog signing as deprecated. >>>>> >>>>> What are the reasons for deprecating blog signing? Are there alternatives? >>>>> How do I sign a webstart application? >>>>> >>>>> Stefan >>>>> >>>>>> David, >>>>>> >>>>>> Please review these changes to deprecate the blob signing from the Java >>>>>> Packager. >>>>>> >>>>>> JIRA: https://bugs.openjdk.java.net/browse/JDK-8169443 >>>>>> <https://bugs.openjdk.java.net/browse/JDK-8169443> >>>>>> Webrev: http://cr.openjdk.java.net/~cbensen/JDK-8169443/webrev.00/ >>>>>> <http://cr.openjdk.java.net/~cbensen/JDK-8169443/webrev.00/> >>>>>> >>>>>> Chris >> >
