of Ant users.
Bye for now.
Original Message
List: ant-dev
Subject:Re: cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs
SignJarTest.java
From: Steve Loughran
Date: 2005-03-30 9:34:05
Message-ID: <424A728D.7040707 () apache ! org>
Kev J
Kev Jackson wrote:
Here are my current plans
-pull the declaration of , tests, etc.
-I'd leave the code over in optional, always excluded, with a "here is
why this is broken" comment. Its aim is to warn off others.
-Not attempt to use jar signing as a way of verifying JAR downloads in
; this was
Here are my current plans
-pull the declaration of , tests, etc.
-I'd leave the code over in optional, always excluded, with a "here is
why this is broken" comment. Its aim is to warn off others.
-Not attempt to use jar signing as a way of verifying JAR downloads in
; this was my plan.
Could you
Kev Jackson wrote:
Well, a bit of hackery and you can verify that JAR is signed. But
there is *nothing* to verify that the signature itself is trusted.
Essentially "jarsigner -verify" is a worthless piece of junk from the
security perspective.
Who'd have thought that a commit message would
Well, a bit of hackery and you can verify that JAR is signed. But there is *nothing* to verify that the signature itself is trusted. Essentially "jarsigner -verify" is a worthless piece of junk from the security perspective.
Who'd have thought that a commit message would have me ROFL! "Worthl
