m273d15
commented
3 years ago I think the "technical side" of this issue should be simple: We have to use the standard java jar signing process and create a bash script or integrate the process into Gradle (it should be possible to use existing plugins or the ant builder).
The more complex questions is which certificate we should/could use. I think publishing jars that are signed with a self-signed cert is not an improvement. Therefore, it would be necessary to get a cert from a Certificate Authority as LetsEncrypt (or probably the FU Berlin can help ).
Using Eclipse SDK 2020-06 (4.16) and installing Saros 15.0.0 from Eclipse Marketplace will lead to following message during installation:
Warning: Installing unsigned software for which the authenticity or validy cannot be established. Continue with the installation?
Dependent files: saros.core_0.2.0.jar - saros.eclipse_16.0.1.jar - saros.feature_16.0.1 Running jarsigner on the two jars also leads to the result: both jars are unsigned.
Thank you for all your effort!