www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Diggory <mdigg...@gmail.com>
Subject Re: security, hashing.
Date Tue, 15 Mar 2005 14:51:54 GMT
Russell Gold wrote:

>On Thu, 10 Mar 2005 20:11:20 +0000, Steve Loughran
><steve.loughran@gmail.com> wrote:
>  
>
>>The disadvantages
>> -no obvious 'latest version' in the repository
>> -harder to field support calls, "what is the hash of your artifacts"?
>>    
>>
>
>Not to mention, really complicating the job of upgrading to new versions. 
>
>Is there a danger here of solving the 1% case at the expense of the 99% case?
>
>  
>
axis-0.0.1-04f3d5aab0.jar

then you have the version and the hash... Think of the hash as similar "alpha", "beta" or
"rcN" identifiers (isn't it really? Your just identifying this particular "packaging" of axis-0.0.1.).


But then again, this starts to get into the arena of Jar Signing, and there already is facility
for that in Jar Artifacts...

-Mark Diggory


Mime
View raw message