PGP keys (was Re: validating content in Maven repositories)

2004-10-26 Thread Stefan Bodewig
On Tue, 26 Oct 2004, Steve Loughran <[EMAIL PROTECTED]> wrote: > On Tue, 26 Oct 2004 07:56:37 +0200, Stefan Bodewig > <[EMAIL PROTECTED]> wrote: > > We certainly need a better web of trust. As many committers (or > > users for that matter) as possible should create PGP keys and use > > every o

Re: validating content in Maven repositories

2004-10-26 Thread Steve Loughran
On Tue, 26 Oct 2004 07:56:37 +0200, Stefan Bodewig <[EMAIL PROTECTED]> wrote: > This is in addition to Conor's remarks. > > On Fri, 22 Oct 2004, Steve Loughran <[EMAIL PROTECTED]> wrote: > > > The only way to secure it is one of > > > > 1. checksums to live on an http server you trust > > 2. th

Re: validating content in Maven repositories

2004-10-26 Thread Steve Loughran
<[EMAIL PROTECTED]> wrote: > As far as I can tell, MD5s from the same server can only tell you about > download corruption. MD5s from a separate, "trusted" server for a > download verify the remote machine's content is correct with respect to > the trusted version. This is important for mirroring -

Re: validating content in Maven repositories

2004-10-26 Thread Stefan Bodewig
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 26 Oct 2004, Stefan Bodewig <[EMAIL PROTECTED]> wrote: > Personally I'm happy with PGP. Just for the dramatic effect I intended to sign the mail when I put it into the drafts folder last night and forgot it when I sent it. Damn. My PGP key

Re: validating content in Maven repositories

2004-10-26 Thread Stefan Bodewig
This is in addition to Conor's remarks. On Fri, 22 Oct 2004, Steve Loughran <[EMAIL PROTECTED]> wrote: > The only way to secure it is one of > > 1. checksums to live on an http server you trust > 2. things to be signed by a CA you trust. things PGP signed by somebody you trust (or can build a

Re: validating content in Maven repositories

2004-10-23 Thread Conor MacNeill
As far as I can tell, MD5s from the same server can only tell you about download corruption. MD5s from a separate, "trusted" server for a download verify the remote machine's content is correct with respect to the trusted version. This is important for mirroring - if you look at Ant's download

validating content in Maven repositories

2004-10-22 Thread Steve Loughran
Let's assume that I am writing a task to download jar files from remote places. No more specifics, as I will only get feature requests :) Now let's assume that the maven repository is an obvious place of stuff, and one class of repository to work with. Maven repositories have (a) the jar files (b) m