Well, a bit of hackery and you can verify that a JAR is signed. But there is *nothing* to verify that the signature itself is trusted. Essentially "jarsigner -verify" is a worthless piece of junk from the security perspective.
Who'd have thought that a commit message would have me ROFL! "Worthless
piece of junk" - priceless, now I hope that someone at Sun takes this
comment and really wakes up to the fact that they can't keep banging the
"more secure than .Net" if they don't fix basic things like this.
Kev