Hi all, I wanted to start by thanking you for the amazing work you have put together. Ant is an awesome project and you should be proud for the work you've done to put it together. If you've seen a message like this before it's because I've sent a similar message to the Maven developer mailing list :)
I wanted to ask quickly if you've had a chance to read this: http://www.fortify.com/landing/downloadLanding.jsp?path=%2Fpublic%2Ffortify_attacking_the_build.pdf I think supporting an option to automatically verify signatures for remote repositories would be an awesome boon for security. Does this option already exist and I'm just not looking hard enough, or are there plans to develop this feature in a future release? Thanks, -- Rohit Sethi Security Compass http://www.securitycompass.com --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
