Return-Path: 
 <repository-return-836-apmail-repository-archive=apache.org@apache.org>
Delivered-To: apmail-repository-archive@www.apache.org
Received: (qmail 18665 invoked from network); 7 Feb 2005 23:14:49 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur-2.apache.org with SMTP; 7 Feb 2005 23:14:49 -0000
Received: (qmail 30558 invoked by uid 500); 7 Feb 2005 23:14:48 -0000
Delivered-To: apmail-repository-archive@apache.org
Received: (qmail 30494 invoked by uid 500); 7 Feb 2005 23:14:48 -0000
Mailing-List: contact repository-help@apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:repository-help@apache.org>
list-unsubscribe: <mailto:repository-unsubscribe@apache.org>
list-post: <mailto:repository@apache.org>
Reply-To: repository@apache.org
Delivered-To: mailing list repository@apache.org
Received: (qmail 30480 invoked by uid 99); 7 Feb 2005 23:14:48 -0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=RCVD_BY_IP,SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (hermes.apache.org: domain of steve.loughran@gmail.com
 designates 64.233.170.197 as permitted sender)
Received: from rproxy.gmail.com (HELO rproxy.gmail.com) (64.233.170.197)
  by apache.org (qpsmtpd/0.28) with ESMTP; Mon, 07 Feb 2005 15:14:46 -0800
Received: by rproxy.gmail.com with SMTP id y7so797729rne
        for <repository@apache.org>; Mon, 07 Feb 2005 15:14:44 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding;
        b=G6qneELXSSCLGHBYyKsQYk8GaEum87fJKZbOo7QCk+3rKCEBaeW3zF7abH43srXYg4Qn4ZEWdNx/28iHfNjZc1AhZREW+5IhXP2lAr6jYAVtffjcocRTQl+0aM6RwsTVQtyuKK/0n1mrvfjUdlQ8hWfYoLtTguW5wOsZdcuwUn8=
Received: by 10.38.89.3 with SMTP id m3mr222595rnb;
        Mon, 07 Feb 2005 15:14:43 -0800 (PST)
Received: by 10.39.3.79 with HTTP; Mon, 7 Feb 2005 15:14:43 -0800 (PST)
Message-ID: <c84a50780502071514c32de4f@mail.gmail.com>
Date: Mon, 7 Feb 2005 23:14:43 +0000
From: Steve Loughran <steve.loughran@gmail.com>
Reply-To: Steve Loughran <steve.loughran@gmail.com>
To: repository@apache.org
Subject: Apache JAR signing
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

I'm adding JAR signature verification to the ant repository task. this
is not how we can do security on the main repository, but something
third parties may want. And it starts me off on learning about the
relevant APIs.

Its been mentioned that Apache has a certficiate now. Can somebody
post the public cert so I can see if it works with the Java security
infrastructure?

-steve