[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] More on re-signing bundles

> If you absolutely want to eliminate the warning, just re-sign the jars
> with the new cert.  No need to rebuild them.


Care is needed here. Since the exact bits of a bundle are assumed to
be unique to the exact version and qualifier of a bundle. So, if a signature
changes, the qualifier (at least) should increment. I do not know of a way
to do that without rebuilding ... but, would be a cool trick if someone did
know of a way!

This general issue is discussed in an old feature request [1]
for p2 to "favor" signed bundles (and could be expanded to favor more recently signed
bundles) but current behavior is not likely to ever change.

But, I agree with Denis' and John's comments that "it does no harm", so I think
fine to live with the "helpful" warning rather than rebuild just to get a new signature.
[If anyone knows of cases where it causes "harm", let us know, but I think in Eclipse IDE at least,
end-users would never see this warning].

[1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=317764