ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Allen, Ethan (MED, Carlson)" <>
Subject RE: WHY ?
Date Fri, 11 Apr 2003 21:46:09 GMT
I'm talking about the statement on the site that "You MUST verify the
integrity of the downloaded files using signatures downloaded from our
main distribution directory".  Making things more difficult for people
hinders adoption.  "Clever marketing" was sarcasm.

It's great if this is optional.  Then I have no problem.  I will ignore
the signature files.

As though my 'IT people' don't use software without checking signature
files ?  That's simply unrealistic nonsense.  


-----Original Message-----
From: Mike McNally []
Sent: Friday, April 11, 2003 4:16 PM
To: Ant Users List
Subject: Re: WHY ?

> What is it with the PGP and MD5 junk on the downloads ?  Clever
> marketing ?  Attempt to make sure fewer people will use new releases ?
> This is really strange ...

What the heck are you talking about?  The PGP and MD5 links are there so
that you can verify that the source package you're downloading isn't a
fake with a trojan horse in it.  They're separate downloads.

You're free to ignore the signature files.  In fact you should let your
IT people know that you won't be fooled by clever marketing tricks, and
will thus continue to install software in the network without validating
by signature.  They'll thank you.

[ you are my main foo ] Mike McNally --

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message