Re: signer information does not match signer information of other classes in the same package
- From: Lew <noone@xxxxxxxxxxxxx>
- Date: Fri, 11 Feb 2011 07:46:52 -0500
albert kao wrote, quoted or indirectly quoted someone who said :
However, I do not use any log statement in my program.
I cannot modfiy the third party jar files.
Roedy Green wrote:
Obviously you CAN modify third party jars. There is nothing
technically stopping you. What you need is permission to do so. That
But there is something technically shouting, "NO! Don't do that!"
On projects where they've done that, I've seen maintenance headaches. You end up locked into old, often obsolete or unsupported versions of those third-party JARs lest you lose your customizations. At best you become a maintainer for someone else's product. This is expensive and in every case I've seen so far, foolish and unnecessary.
is a political problem. Perhaps that limitation can be bypassed if
you can't find another solution.
It's a technical problem. It's a maintenance problem. It's a headache. Go to nearly any length to avoid modifying other people's code for your project.
What you can do is open them the jars up and bundle them back into a
big jar that you sign.
In this limited scenario where you're only changing the signature the cost might be somewhat less than when you actually change the content of the JAR, but you still have to think. By signing the JAR yourself, you become the certifier of its worthiness and safety. That's a lot of trust to put in the third party, to assume responsibility for that assertion.
I have heard it is possible to have different signers on different
jars if you use Java WebStart.
WebStart seems like a solution to a lot of web-distribution matters.
You might also explore the possibility of resigning an already signed
jar so that all jars have the same signer.
Another possibilty it so pre-install the needed jars in the client ext
dirs. You might write a little installer to do that. I think then it
does not matter how they are signed.
Approaches that isolate you from responsibility for third-party products should be considered first.
Ceci n'est pas une fenêtre.
|###] | [###|
|##/ | *\##|
|#/ * | \#|
|| | * ||
|o * | o|
- Prev by Date: Re: limitations on using enum as generic parameter
- Next by Date: Re: Shortest way to read all lines (one by one) from a text file?
- Previous by thread: Re: signer information does not match signer information of other classes in the same package
- Next by thread: Re: signer information does not match signer information of other classes in the same package