On Tuesday, July 9, 2002, at 11:15 , Stephane Bailliez wrote:
-----Original Message----- From: [EMAIL PROTECTED]
Anyway, I though it was worth raising the issue now for discussion especially as the concept of an Ant1 antlib is again on the agenda.\
Thoughts?
Is this really important...for a build file ? What are you thinking about ?
Maybe it is an over reaction on my part.
My point is that we are talking about downloading code and running it within Ant's VM which is completely trusted. In the last few days there has been discussion on bugtraq about the weaknesses in Apple's OSX software update mechanism. It seems to me that simple jar downloading would be susceptible to the same issues unless some precautions are taken. We are not signing jars currently, for example.
So, non-issue? Perhaps.
Conor
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
