You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Andrew Hart (JIRA)" <ji...@codehaus.org> on 2009/07/15 17:14:22 UTC

[jira] Commented: (MJAR-116) Allow signing of already signed jars

    [ http://jira.codehaus.org/browse/MJAR-116?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=183661#action_183661 ] 

Andrew Hart commented on MJAR-116:
----------------------------------

There are also plenty of good reasons to want to sign a third party jar for secure permissions.  JarSigner allows multiple signers of jar files;  the plugin does not!  Extremely aggravating!  Please escalate!  Pavel has provided you with a patch; please incorporate.  Why is this ticket sitting idle 4 months later!

> Allow signing of already signed jars
> ------------------------------------
>
>                 Key: MJAR-116
>                 URL: http://jira.codehaus.org/browse/MJAR-116
>             Project: Maven 2.x Jar Plugin
>          Issue Type: Improvement
>          Components: sign
>            Reporter: Pavel Jisl
>         Attachments: JarSignMojo-forcesign-patch.txt
>
>
> For releasing webstart applications is crucial to have all jars included signed with one certificate of the releasing company. If these jars are not signed with one unified certificate, Java Webstart system asks for each unsigned (or jar with another signature) if user agrees and grants access to the system. 
> Maven Jar Plugin currently does not support signing of already signed packages. I created patch, that creates new property "forcesign" which default value is false (standard behavior) and if this property is set to true, plugin will continue with signing.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira