www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran" <steve.lough...@gmail.com>
Subject securing downloads
Date Mon, 06 Mar 2006 21:51:19 GMT
I've just tweaked ant's fetch.xml build file, which can be used to
bootstrap m2 library downloading (it <gets> the maven tasks which can
do the rest of the work).

Now I hard code the .sha1 checksum of the library we expect in a
properties file that comes with the ant distribution. Provided the ant
distro comes down in a suitably secure/validated distribution, we
transfer the security over to the maven tasks.

Now, if we had something there that would check the pgp signature of
every file...

View raw message