ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kev Jackson <>
Subject Re: cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs
Date Fri, 25 Mar 2005 02:14:43 GMT

>  Well, a bit of hackery and you can verify that JAR is signed. But there is *nothing*
to verify that the signature itself is trusted. Essentially "jarsigner -verify" is a worthless
piece of junk from the security perspective.
Who'd have thought that a commit message would have me ROFL!  "Worthless 
piece of junk" - priceless, now I hope that someone at Sun takes this 
comment and really wakes up to the fact that they can't keep banging the 
"more secure than .Net" if they don't fix basic things like this.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message