You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When p2 is asked to transfer an artifact from one repository to another and both repositories are in the file system, it's possible that some of such artifacts to be transferred are folders and then p2 will just copy the folder (recursively) from one place in the file system to another place in the file system. It will also try to do signature verification, which works fine for jar-signed content because p2 creates a jar and then verifies the jar-signature of that synthesized jar. But for PGP, this just doesn't work because the order of the contents in the jar will produce different bytes that do not match the original bytes of the original jar. As such, p2 must omit the PGP verification step in such a case.
When p2 is asked to transfer an artifact from one repository to another and both repositories are in the file system, it's possible that some of such artifacts to be transferred are folders and then p2 will just copy the folder (recursively) from one place in the file system to another place in the file system. It will also try to do signature verification, which works fine for jar-signed content because p2 creates a jar and then verifies the jar-signature of that synthesized jar. But for PGP, this just doesn't work because the order of the contents in the jar will produce different bytes that do not match the original bytes of the original jar. As such, p2 must omit the PGP verification step in such a case.
eclipse-platform/eclipse.platform.releng.aggregator#1502
The text was updated successfully, but these errors were encountered: