www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brett Porter <brett.por...@gmail.com>
Subject Re: repo security
Date Thu, 13 Jan 2005 20:01:27 GMT
> Would we be talking about "gpg --armor --output
> commons-foo-1.2.jar.md5.asc --detach-sig commons-foo-1.2.jar". Or, is
> there some other mechanism we would need to go through?

This is what I'd intended to do in Wagon using Bouncycastle. And as
Steve mentions, it can be at the users discretion: skip it, check it
from the same location, check it, getting keys from a specified
trusted location, only trust if the key is already in my keychain are
probably the levels.

- Brett

View raw message