ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Conor MacNeill <co...@cortexebusiness.com.au>
Subject Re: Ant Security
Date Tue, 09 Jul 2002 13:26:02 GMT

On Tuesday, July 9, 2002, at 11:15 , Stephane Bailliez wrote:

>> -----Original Message-----
>> From: conor@cortexebusiness.com.au
>>
>> Anyway, I though it was worth raising the issue now for discussion
>> especially as the concept of an Ant1 antlib is again on the agenda.\
>>
>> Thoughts?
>
> Is this really important...for a build file ? What are you thinking 
> about ?
>

Maybe it is an over reaction on my part.

My point is that we are talking about downloading code and running it 
within Ant's VM which is completely trusted. In the last few days there 
has been discussion on bugtraq about the weaknesses in Apple's OSX 
software update mechanism. It seems to me that simple jar downloading 
would be susceptible to the same issues unless some precautions are 
taken. We are not signing jars currently, for example.

So, non-issue? Perhaps.

Conor

--
To unsubscribe, e-mail:   <mailto:ant-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:ant-dev-help@jakarta.apache.org>


Mime
View raw message