Hi, I'm evaluating the Artifactory Pro Power Pack and I have a question about the jar signing feature.
I was able to configure the keystore and assign a key-pair to the repository. When I download a jar from that repository I can see that it is signed. So that aspect is working great! If I now take a look at the timestamp of the manifest.mf file in the signed jar, it seems that this jar has been signed the first time it was requested. Which is fine. If I download the same jar again some minutes later, the timestamp of the manifest.mf file is still equal to the time when it was first requested. Which is exactly what I was hoping for. The question I have now is how Artifactory will behave on a larger time frame? If we download such a signed jar say 1 year after the first download, will it still be equal to the original timestamp of the first downloaded signed jar (assuming the jar or key-pair hasn't changed)? regards, Maarten -- View this message in context: http://forums.jfrog.org/Question-about-automatic-jar-signing-tp5517376p5517376.html Sent from the Artifactory - Users mailing list archive at Nabble.com. ------------------------------------------------------------------------------ Automate Storage Tiering Simply Optimize IT performance and efficiency through flexible, powerful, automated storage tiering capabilities. View this brief to learn how you can reduce costs and improve performance. http://p.sf.net/sfu/dell-sfdev2dev _______________________________________________ Artifactory-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/artifactory-users
