Hi,

I've attached a patch that would fix COMPRESS-18 at the price of
sacrificing backwards compatibility of the jar package to COMPRESS-18.
I'm not sure whether the impact of that change is small enough to allow
the patch in or whether it is not acceptable, that's why I haven't
committed it directly.

The alternative to this patch is to implement the whole jar verification
process ourselves since certificates are only available if a signature
exists and is valid.  This isn't likely to be implemented quickly.

Stefan

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org

Reply via email to