WOLips should be signed #110
Comments
|
I love how eclipse complains about unsigned plugins, but nowhere is there a pgp-signature for eclipse itself at eclipse.org. If we build signed releases, perhaps we can also set up a signed build of eclipse. But then, I doubt they sign their commits/tags either. |
|
Is the build server a physical box somewhere wocommunity controls? I'm thinking a Yubikey4 with its' code signing magic might be nice here. Naturally, we'd need a usb port for it to go in. |
|
Looks like the cheapest certificate I can find is here. $365 for 5 years. http://codesigning.ksoftware.net/ Symantec wants more than that for 1 year. |
|
This one looks cheap too, |
|
It appears the pmd plugin, and others, are signing their plugin with let's encrypt certificates. It seems like it's possible to do this for free now, https://adangel.org/2021/09/16/code-signing-lets-encrypt-github-pages/ https://github.com/pmd/pmd-eclipse-plugin/tree/master/.ci pretty neat, maybe we can try it. |
The JARs should be signed so that users stops getting a warning saying that WOLips is not signed when the plugin is installed.
See http://nirmalsasidharan.wordpress.com/2010/09/04/signing_eclipse_plugins/ and http://wiki.eclipse.org/JAR_Signing
The text was updated successfully, but these errors were encountered: