www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jukka Zitting <jukka.zitt...@gmail.com>
Subject Re: auditing the artifacts
Date Thu, 15 Apr 2010 08:45:05 GMT

On Thu, Apr 15, 2010 at 10:40 AM, Steve Loughran
<steve.loughran@gmail.com> wrote:
> I'm wondering what the best way to audit *.jar and *.pom is to make
> sure they are all the same as they were before someone malicious got
> onto some of the asf servers last week.

Most of them should have valid PGP signatures with keys linked to the
Apache web of trust.


Jukka Zitting

View raw message