On Tue, 22 Mar 2005, Steve Loughran <[EMAIL PROTECTED]> wrote:
-no source file: out of date -source==dest: false or check signature -else: check timestamp
maybe if the timestamp check says the destfile is newer than (or as new as) the source then check the signature as well?
yes, we could do that as an extra. note that the signing check doesnt check that we were signed by the current signatory, only that a signature exists. So its potentially dangerous.
Once I get the fileset stuff in there (with a mapper too!), I'll do the next phase of rework which is verify jars are properly signed; this is something I'll reuse in library signature validation.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
