ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <>
Subject Re: validating content in Maven repositories
Date Tue, 26 Oct 2004 09:17:36 GMT
<> wrote:
 > As far as I can tell, MD5s from the same server can only tell you about
 > download corruption. MD5s from a separate, "trusted" server for a
 > download verify the remote machine's content is correct with respect to
 > the trusted version. This is important for mirroring - if you look at
 > Ant's download page, the zips are sourced from a mirror but the MD5s
 > point to the version.


One nice thing about maven's repository is that you can automatically 
find the .md5 signature for
any achive file by appending .md5 to it. We really need a trusted 
(https) repository that serves up the checksums. Or they get signed.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message