[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier

Good catch.  there is alot of stuff that is out of date.  The Security work area folks have agreed to update the website as part of the transition of Equinox (should happen real soon now).  I assume that this will get updated at that time.


Thomas Watson <tjwatson@xxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx

09/23/2005 09:28 AM

Please respond to
Equinox development mailing list

Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier

I was browsing the new content for the equinox-home web site (looks like Jeff has been busy) and came accross a page for Signing Plug-ins at:


It asks, how PDE should be extended to sign plugins?  I thought PDE already had this capability when you export a plug-in from your workspace.  There is an option to provide a private key to sign the plug-in on export from a workspace.  Is there more work to be done here?  Is this capability not included in PDE build yet?

We should probably separate out requirments for an interface to specify the permissions required by a plug-in in PDE.  This should be orthogonal to signing a bundle.  An interface could be developed to add PermissionInfo data into the OSGI-INF/permissions.perm file.  But we need to be careful here because this file specifies the maximum set of permissions a bundle will ever need.  If the developer gets it wrong then there is no way an administrator can override the permissions.perm file to give a bundle more permissions at runtime.  Hopefully tooling can help to identify what permissions a particular bundle needs.

It seems like we need to develop a separate location to store permission requirements for bundles (maybe in a feature).  And then update could assign the permissions using ConditionalPermissionAdmin when it installs features.


equinox-dev-bounces@xxxxxxxxxxx wrote on 09/22/2005 09:39:13 PM:

> For fun I put this on the Equinox web site at
>         http://dev.eclipse.org/viewcvs/indextech.
> cgi/~checkout~/equinox-home/security/verifier.html
> After the transition we should have a Wiki on the site and that will
> make things much easier.
> Jeff
> _______________________________________________
equinox-dev mailing list