ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <>
Subject Re: complex signing logic in signjar
Date Tue, 22 Mar 2005 15:34:15 GMT
Stefan Bodewig wrote:
> On Tue, 22 Mar 2005, Steve Loughran <> wrote:
>>-no source file: out of date
>>-source==dest: false or check signature
>>-else: check timestamp
> maybe if the timestamp check says the destfile is newer than (or as
> new as) the source then check the signature as well?

yes, we could do that as an extra. note that the signing check doesnt 
check that we were signed by the current signatory, only that a 
signature exists. So its potentially dangerous.

Once I get the fileset stuff in there (with a mapper too!), I'll do the 
next phase of rework which is verify jars are properly signed; this is 
something I'll reuse in library signature validation.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message