Summary: | Consider use of sha256 for signing of .exe files of Tomcat installer. | ||
---|---|---|---|
Product: | Tomcat 9 | Reporter: | Konstantin Kolinko <knst.kolinko> |
Component: | Packaging | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | enhancement | ||
Priority: | P2 | ||
Version: | 9.0.x | ||
Target Milestone: | ----- | ||
Hardware: | PC | ||
OS: | All | ||
Attachments: |
apache-tomcat-9.0.12_Properties.png, Signatures of Tomcat 9.0.12 installer.
PortableGit-2.12.0-64-bit_Properties.png, Signatures of "Git for Windows" (portable) installer. PortableGit-2.18.0-64-bit_Properties.png, Signatures of "Git for Windows" (portable) installer. |
Description
Konstantin Kolinko
2018-09-07 14:30:03 UTC
Created attachment 36137 [details]
apache-tomcat-9.0.12_Properties.png, Signatures of Tomcat 9.0.12 installer.
Created attachment 36138 [details]
PortableGit-2.12.0-64-bit_Properties.png, Signatures of "Git for Windows" (portable) installer.
Created attachment 36139 [details]
PortableGit-2.18.0-64-bit_Properties.png, Signatures of "Git for Windows" (portable) installer.
This is entirely dependent on the Digicert (was Symantec) code signing service being updated to use SHA-256. I'll ping my friendly technical contact and see if this is on the roadmap. Request has gone in to Symantec / Digicert. I'll update this issue when I receive a response. I've pinged DigiCert again on this. I'll post any update I receive. The signing service has been updated to use SHA-256 for all Windows .exe signings. The updated service will be used for 9.0.23 onwards and 8.5.44 onwards. |