ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran" <stev...@iseran.com>
Subject Re: Cryptographic Hash function from ant
Date Thu, 11 Apr 2002 23:01:49 GMT

----- Original Message -----
From: "Christian Geuer-Pollmann" <maillist@nue.et-inf.uni-siegen.de>
To: "Ant Developers List" <ant-dev@jakarta.apache.org>
Sent: Thursday, April 11, 2002 2:34 PM
Subject: Re: Cryptographic Hash function from ant


> --On Donnerstag, 11. April 2002 13:50 +0200 Stefan Bodewig
> <bodewig@apache.org> wrote:
> > On Wed, 10 Apr 2002, Christian Geuer-Pollmann
> >> BTW, is this XML Signature functionality interesting for you?
> >
> > I'm not familiar with it, could you explain in what way it may be
> > interesting for Ant?
>
> Well, if you look at signed JAR archives, the person who downloads and
> executes a Java program stored in a JAR can verify who's the software
> vendor of this archive. If you look at distributing software on the apache
> site, many projects do use PGP to sign the ZIP files for binary and source
> distros. Incorporating XML Signatures into ant make files would enable an
> ant built run to verify the integrity of the whole distribution; not only
> after downloading the software from the web but each time an ant run is
> started.
>
> Depends on the scenario whether a project needs such kind of security or
> not.

hmm. a signed ant file would still be vulnerable to someone subverting the
taskdefs and so changing behavior, but in a remote submission model (like
rant) you may want to authenticate which build files you run, as well as the
user submitting the jobs.

I dont see a pressing need for it in the ant core, though...by <XmlSign> and
<XmlSignatureVerify> could be good tasks to add to the apache XmlSignature
project. It makes a lot more sense to keep something like that tightly
integrated with the implementation; avoids version issues &c.


--
To unsubscribe, e-mail:   <mailto:ant-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:ant-dev-help@jakarta.apache.org>


Mime
View raw message