ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <ste...@apache.org>
Subject Re: complex signing logic in signjar
Date Tue, 22 Mar 2005 15:34:15 GMT
Stefan Bodewig wrote:
> On Tue, 22 Mar 2005, Steve Loughran <stevel@apache.org> wrote:
> 
> 
>>-no source file: out of date
>>-source==dest: false or check signature
>>-else: check timestamp
> 
> 
> maybe if the timestamp check says the destfile is newer than (or as
> new as) the source then check the signature as well?
> 

yes, we could do that as an extra. note that the signing check doesnt 
check that we were signed by the current signatory, only that a 
signature exists. So its potentially dangerous.

Once I get the fileset stuff in there (with a mapper too!), I'll do the 
next phase of rework which is verify jars are properly signed; this is 
something I'll reuse in library signature validation.



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message