ant-dev mailing list archives

From Steve Loughran <ste...@apache.org>
Subject Re: cvs commit: ant/docs/manual/CoreTasks checksum.html
Date Mon, 21 Feb 2005 11:41:29 GMT
Thomas Schapitz wrote:
> Kev Jackson wrote:
> 
>> I don't think that this is the major problem.  It's very very very 
>> unlikely that anyone would want to tamper with Ant (why bother, a user 
>> can always get the source and build themselves?).  The problem is that 
>> when using Ant to build new code (and to generate a checksum for that 
>> distribution), now you as the developer of new-shiny-application have 
>> to decide whether anyone is going to take the time to create a fake 
>> version of your app.  
> 
> 
> Corruption of the new App isn't necessarily the intention of a potential 
> attacker. It's far more interesting,
> to intercept passwords passed into ftp, ssh, or scp tasks,  spying into 
> the file system accessible
> to the ant installation, or even to install malware.
> 
> This said, our options to prevent this are very limited, and depend 
> heavily on the
> cooperation of ANT users. Or did you ever know somebody who checked the
> checksums of an ANT distribution contained as a convenience in another 
> system
> (e.g. netbeans, or weblogic)?

I want to do signature checking as part of <libraries>, to verify that 
libraries from a mirror are not subverted.

If we have to rely on JDK crypto only, then SHA-1 is still pretty 
secure.  For now. But we ought to generate any better checksums that 
later JDKs support.

I'm going to propose on the repository list that we generate multiple 
checksums/signatures, stick them in an XML file or a properties file 
(thoughts there?)

-steve


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org
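
The multiple-checksum idea from the message above, as an added example that is not part of the original post or of Ant's code: a verifier that checks a library against every digest in a properties sidecar that the running JDK can compute, and fails closed. The sidecar layout (`algorithm=hexdigest`), the class name and the `FUTURE-HASH` entry are assumptions made for illustration.

```java
import java.io.StringReader;
import java.security.DigestException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

public class MultiDigestCheck {
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    /** Returns the algorithms that matched; throws on any mismatch or if none could be checked. */
    static List<String> verify(byte[] data, Properties expected) throws DigestException {
        List<String> verified = new ArrayList<>();
        for (String alg : expected.stringPropertyNames()) {
            MessageDigest md;
            try {
                md = MessageDigest.getInstance(alg);
            } catch (NoSuchAlgorithmException e) {
                continue; // this JDK cannot compute it; the other entries still apply
            }
            String want = expected.getProperty(alg).trim();
            if (!hex(md.digest(data)).equalsIgnoreCase(want))
                throw new DigestException(alg + " mismatch"); // one bad digest rejects the file
            verified.add(alg);
        }
        if (verified.isEmpty()) // fail closed: an unverifiable file is not a verified file
            throw new DigestException("no listed digest is supported by this JDK");
        return verified;
    }

    public static void main(String[] args) throws Exception {
        byte[] library = "abc".getBytes("US-ASCII"); // constructed stand-in for a downloaded jar
        Properties sidecar = new Properties();       // constructed sidecar contents
        sidecar.load(new StringReader(
            "SHA-1=a9993e364706816aba3e25717850c26c9cd0d89d\n"
          + "SHA-256=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad\n"
          + "FUTURE-HASH=00\n")); // made-up algorithm name: skipped as unsupported
        System.out.println("verified with: " + verify(library, sidecar));
        library[0] ^= 1; // simulate a copy altered on a mirror
        try {
            verify(library, sidecar);
        } catch (DigestException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Digests in a sidecar only detect tampering if the sidecar itself comes from a trusted origin or is signed, since a mirror that can alter the library can alter the file beside it.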