> -----Original Message----- > From: Conor MacNeill [mailto:[EMAIL PROTECTED] > > > > Is this really important...for a build file ? What are you thinking > > about ? > > > > Maybe it is an over reaction on my part.
uh, I just realized my latest question could be interpreted agressively. it's not the case. I was just asking if you had something in mind in particular. > My point is that we are talking about downloading code and running it > within Ant's VM which is completely trusted. In the last few > days there > has been discussion on bugtraq about the weaknesses in Apple's OSX > software update mechanism. It seems to me that simple jar downloading > would be susceptible to the same issues unless some precautions are > taken. We are not signing jars currently, for example. Yep, agreed, maybe it would be nice to do so... > So, non-issue? Perhaps. If you already thought about it, it should not be a problem, but then again we are all guilty due to the jars that float around without version nor without signing...there's a long way to go for Java versioning :-( -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
