On Sunday, 12 January 2014 22:20:17 UTC, Abhijith Chandrashekar wrote: > > > Of course, you'd need a secure way to make sure it's actually his > signature, but that should be easier than changing the entire distribution > chain. > > That's exactly the problem. Any ideas on how I can do that? > > Thanks, > Abhijith >
http://kohsuke.org/about/pgp/ But if you are that security paranoid then you should download the sources, inspect them (and the history) and then compile them yourself every release (like you do for all the plugins right!?). /James -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
