On Monday, February 17, 2014 1:43:55 PM UTC+2, maciej wrote: > > Yaniv Kaul (2014-02-16 08:31): > > Is it possible to publish hash of the new JARs, so at least I can somehow > try and verify their integrity? Since it's not packaged in any signed > format (RPM, MSI, etc.), it's the least we can do to verify the package > authenticity. > > > Execute hash creation in shell job step and just echo it to log. That's > probably the simpliest solution. You could use plugins to push this > information to e.g. build description. > > Nux. > > My fault - I wasn't clear - I meant when new *Jenkins* JARs are released (from jenkins-ci.org ). Y.
On Monday, February 17, 2014 1:43:55 PM UTC+2, maciej wrote: > > Yaniv Kaul (2014-02-16 08:31): > > Is it possible to publish hash of the new JARs, so at least I can somehow > try and verify their integrity? Since it's not packaged in any signed > format (RPM, MSI, etc.), it's the least we can do to verify the package > authenticity. > > > Execute hash creation in shell job step and just echo it to log. That's > probably the simpliest solution. You could use plugins to push this > information to e.g. build description. > > Nux. > > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
