Thanks to STP project (and those that
helped them) to get their jars signed.
But, there are still unsigned jars ...
and these fall into two categories.
1. org.eclipse.dd jars are unsigned,
and there's been some response long ago in the bugzilla (which I interpreted
to mean "will be done immediately") but they are not done yet.
Have we waited long enough? (I think
you all know how I'd respond ... and given previous discussions I think
I know how you all would respond ... but, I'd recommend we have the discussion
and an explicit decision made, rather than coasting along).
2. There is one set (of three) that
are "partial jars", where some of there content is not being
distributed and users have to supply their own content (based on them accepting
different license agreements, or something).
So, these jars can not be signed, since
users do have to modify them after they are installed.
Given the lateness at which this hole
as been discovered, I wouldn't argue too much that they should be excluded
from Ganymede ... though I could be persuaded, if someone else wanted to
carry that torch ... but would like it made clear that this is not a long
term solution and I would advocate that for any future simultaneous releases,
if we have any future such efforts, that this hole be plugged and to explicitly
disallow unsigned jars (for this particular reason, that is).
So ... Planning Council members, since
the rule states "Exceptions authorized by the
planning council for technical reasons." it is now is your responsibility
to exercise your authority.