cancel
Showing results for 
Search instead for 
Did you mean: 

Do you trust these signers? Update 1.13.1

CBerg
Senior

Hello Community

the new update 1.13.1 just popped up. When I click throuhg the update process the following windows pops up:

signers.png

 

To be honest: this does not look very trustworthy. Even if "Legion of the Bouncy Castle" seems to be a legit certificate from Oracle, the other two signers have no information where I could check the authenticity. I will not trust these signers. => i will not install this update.

And by the way: would someone please be so kind to tell Oracle, that "Legion of the Bouncy Castle" is IMHO NOT a suitable name to generate trust. I'd rather expect this to be the self given name of a Nigerian Scammer Group ...

In General i had already serious hedache with trusting the signers in the previous updates. I'd really appreciate it, if ST could add a valid certificate for all this stuff. This time it's simply to much uncertainties. Please fix that, if you can, thank you!

4 REPLIES 4
Pavel A.
Evangelist III

Why Oracle? CubeIDE no longer ships with JRE from Oracle?

Why Oracle? Good Question, I have no Idea. I did not pack the installer for this update ...

the first entry in the list in the screenshot above is, that I should trust "Legion of the Bouncy Castle", which seems to be a branch of Oracle. At least it says so, when I click on that entry and read the description.

xeng_EE
Associate

Did you trust it?

Nope, I did not. But I installed the Software anyway, because I had no other option, but with a very bad feeling in my guts ...