    stop passing passphrases via args, instead use prepared files · 525759b2
    Hans-Christoph Steiner authored
    Any process can read the process table, and can therefore see the entire
    command line of any other process.  That means it's a bad idea to ever put
    passwords as part of a command line.  Python is executing keytool and
    jarsigner command lines here, so now instead of putting the password on the
    command line, a file is passed instead with suitable file permissions.
    This should reduce the exposure a lot.  But still, sensitive passwords
    should not be written to any text file.
    
    This change requires OpenJDK-7 since the :file option to -storepass and
    -keypass was only added in Java 7's keytool and jarsigner.
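
The approach the commit message describes, as an added Python sketch that is not the code from this commit: each passphrase goes into an owner-only file and `jarsigner` is given the path through the `:file` variants of `-storepass` and `-keypass`, so the process table shows a path instead of the secret. The helper names, the keystore, JAR and alias values, and the passphrase are constructed for illustration; a POSIX system is assumed.

```python
import contextlib
import os
import stat
import tempfile


@contextlib.contextmanager
def password_file(password):
    """Yield the path of a file holding `password`, readable by its owner only."""
    # mkdtemp() creates the directory with mode 0700; O_EXCL makes the open
    # fail instead of reusing a file or symlink that is already at the path.
    tmpdir = tempfile.mkdtemp(prefix="signing-")
    path = os.path.join(tmpdir, "pass")
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as f:
            f.write(password)  # no trailing newline
        yield path
    finally:
        # Remove the file as soon as the signing tool no longer needs it.
        if os.path.exists(path):
            os.remove(path)
        os.rmdir(tmpdir)


def jarsigner_argv(keystore, jar, alias, storepass_path, keypass_path):
    """Build a jarsigner command line that names password files, not passwords."""
    return ["jarsigner",
            "-keystore", keystore,
            "-storepass:file", storepass_path,
            "-keypass:file", keypass_path,
            jar, alias]


def demo():
    """Return (argv, file mode, file still exists, secret) for constructed inputs."""
    secret = "constructed-example-passphrase"
    with password_file(secret) as sp, password_file(secret) as kp:
        argv = jarsigner_argv("keystore.jks", "app.apk", "release", sp, kp)
        mode = stat.S_IMODE(os.stat(sp).st_mode)
        # A real caller would run subprocess.check_call(argv) at this point.
    return argv, mode, os.path.exists(sp), secret
```

The file exists only for the lifetime of the `with` block, which narrows but does not remove the exposure the commit message warns about.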