ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <>
Subject Re: WHY ?
Date Fri, 11 Apr 2003 23:38:30 GMT
Allen, Ethan (MED, Carlson) wrote:
> I'm talking about the statement on the site that "You MUST verify the
> integrity of the downloaded files using signatures downloaded from our
> main distribution directory".  Making things more difficult for people
> hinders adoption.  "Clever marketing" was sarcasm.
> It's great if this is optional.  Then I have no problem.  I will ignore
> the signature files.
> As though my 'IT people' don't use software without checking signature
> files ?  That's simply unrealistic nonsense.  

Apache binaries now go out over mirror systems, which makes them much 
more vulnerable to subversion than pure downloads. If you 
pull them from a mirror site, you should be checking the signatures.

Or just build them from CVS.

View raw message