Return-Path: Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: (qmail 19720 invoked from network); 23 May 2006 14:47:12 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 23 May 2006 14:47:12 -0000 Received: (qmail 21478 invoked by uid 500); 23 May 2006 14:47:07 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 21418 invoked by uid 500); 23 May 2006 14:47:06 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 21406 invoked by uid 99); 23 May 2006 14:47:05 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 May 2006 07:47:05 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [68.251.29.227] (HELO mail) (68.251.29.227) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 May 2006 07:47:04 -0700 Received: from internet.dev.donnell.com (defrouter [68.251.29.225]) by mail.donnell.com (iPlanet Messaging Server 5.2 (built Feb 21 2002)) with SMTP id <0IZQ003JD3Q4RK@mail.donnell.com> for dev@tomcat.apache.org; Tue, 23 May 2006 10:46:54 -0400 (EDT) Date: Tue, 23 May 2006 10:46:25 -0400 From: Mark Claassen Subject: Binary build procedures To: dev@tomcat.apache.org Message-id: <001e01c67e77$aaba4560$19c909c0@K9> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 X-Mailer: Microsoft Office Outlook 11 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Thread-index: AcZ+d6ppY2u1x2xWStGx+02bpK8GAw== X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N My boss has implemented some new procedures with regard to open source projects. He believes the source distributions are trustworthy, but he is not sure if he trusts the binary distributions. I think the reasoning is that he is uncertain if the binary distributions are controlled as well as the source ones are. And if they are not, someone could inject some malicious code to expose customer data or something. Can someone give me a brief explanation on how the binary distributions are created for 5.5? Are the binary distributions created automatically from the repository, leaving no chance for nefarious tampering? Thanks, Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org