Hi, I've attached a patch that would fix COMPRESS-18 at the price of sacrificing backwards compatibility of the jar package to COMPRESS-18. I'm not sure whether the impact of that change is small enough to allow the patch in or whether it is not acceptable, that's why I haven't committed it directly.
The alternative to this patch is to implement the whole jar verification process ourselves since certificates are only available if a signature exists and is valid. This isn't likely to be implemented quickly. Stefan --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org