www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jukka Zitting <jukka.zitt...@gmail.com>
Subject Re: auditing the artifacts
Date Thu, 15 Apr 2010 08:45:05 GMT
Hi,

On Thu, Apr 15, 2010 at 10:40 AM, Steve Loughran
<steve.loughran@gmail.com> wrote:
> I'm wondering what the best way to audit *.jar and *.pom is to make
> sure they are all the same as they were before someone malicious got
> onto some of the asf servers last week.

Most of them should have valid PGP signatures with keys linked to the
Apache web of trust.

BR,

Jukka Zitting

Mime
View raw message