Yaniv Kaul (2014-02-16 08:31):
Is it possible to publish hash of the new JARs, so at least I can somehow try and verify their integrity? Since it's not packaged in any signed format (RPM, MSI, etc.), it's the least we can do to verify the package authenticity.
Execute hash creation in shell job step and just echo it to log. That's probably the simpliest solution. You could use plugins to push this information to e.g. build description.
Nux. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
