www-repository mailing list archives

From Geir Magnusson Jr <g...@pobox.com>
Subject Re: securing downloads
Date Mon, 06 Mar 2006 22:48:46 GMT

Steve Loughran wrote:
> I've just tweaked ant's fetch.xml build file, which can be used to
> bootstrap m2 library downloading (it <gets> the maven tasks which can
> do the rest of the work).
> Now I hard code the .sha1 checksum of the library we expect in a
> properties file that comes with the ant distribution. 

What happens w/ an updated version of the library?

> Provided the ant
> distro comes down in a suitably secure/validated distribution, we
> transfer the security over to the maven tasks.
> Now, if we had something there that would check the pgp signature of
> every file...
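
The pinned-checksum scheme described in the quoted text, sketched as an added example that is not part of the original message or of Ant's fetch.xml. It shows the check failing closed when the downloaded bytes differ from the release whose digest was shipped. The property name `maven-tasks.sha1`, the sample bytes and the function names are assumptions.

```python
import hashlib
import hmac

# Constructed stand-ins for two releases of the downloaded library.
LIB_V1 = b"constructed bytes standing in for the maven tasks jar, release 1"
LIB_V2 = b"constructed bytes standing in for the maven tasks jar, release 2"


def parse_properties(text):
    """Parse simple key=value lines; lines starting with '#' are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def verify_pinned(data, props, key, algorithm="sha1"):
    """Return True only if data hashes to the digest pinned under key."""
    expected = props.get(key)
    if not expected:
        return False  # fail closed: no pin means no trust
    actual = hashlib.new(algorithm, data).hexdigest()
    return hmac.compare_digest(actual, expected.lower())


def install(data, props, key):
    """Refuse to hand unverified bytes to the rest of the build."""
    if not verify_pinned(data, props, key):
        raise ValueError("checksum mismatch for %s; not installing" % key)
    return len(data)


# Hypothetical properties file shipped inside the already-validated
# distribution; the digest is computed here only to build the sample.
SHIPPED = "# pinned digests\nmaven-tasks.sha1=%s\n" % hashlib.sha1(LIB_V1).hexdigest()
PROPS = parse_properties(SHIPPED)

if __name__ == "__main__":
    print("release 1 accepted:", verify_pinned(LIB_V1, PROPS, "maven-tasks.sha1"))
    print("release 2 accepted:", verify_pinned(LIB_V2, PROPS, "maven-tasks.sha1"))
```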
