www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <steve.lough...@gmail.com>
Subject Re: auditing the artifacts
Date Thu, 15 Apr 2010 08:50:27 GMT
the ASF one, yes, but the others? I'm also thinking of something you
can point at any server and say "from my IPAddr, I see the legit
artifacts"

On 15/04/2010, Jukka Zitting <jukka.zitting@gmail.com> wrote:
> Hi,
>
>
>  On Thu, Apr 15, 2010 at 10:40 AM, Steve Loughran
>  <steve.loughran@gmail.com> wrote:
>  > I'm wondering what the best way to audit *.jar and *.pom is to make
>  > sure they are all the same as they were before someone malicious got
>  > onto some of the asf servers last week.
>
>
> Most of them should have valid PGP signatures with keys linked to the
>  Apache web of trust.
>
>  BR,
>
>
>  Jukka Zitting
>

Mime
View raw message