ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Allen, Ethan (MED, Carlson)" <>
Subject RE: WHY ?
Date Sat, 12 Apr 2003 19:42:25 GMT
OK.  all makes sense.  the world is not as nice as i would like it to

i wasnt attacking anybody.



-----Original Message-----
From: Steve Loughran []
Sent: Friday, April 11, 2003 6:39 PM
To: Ant Users List
Subject: Re: WHY ?

Allen, Ethan (MED, Carlson) wrote:
> I'm talking about the statement on the site that "You MUST verify the
> integrity of the downloaded files using signatures downloaded from our
> main distribution directory".  Making things more difficult for people
> hinders adoption.  "Clever marketing" was sarcasm.
> It's great if this is optional.  Then I have no problem.  I will
> the signature files.
> As though my 'IT people' don't use software without checking signature
> files ?  That's simply unrealistic nonsense.  

Apache binaries now go out over mirror systems, which makes them much 
more vulnerable to subversion than pure downloads. If you 
pull them from a mirror site, you should be checking the signatures.

Or just build them from CVS.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message