Okay, so I did some more reading (of the ** manual) and see the checksum policy of "Fail" which can be applied to remote repositories.
What I'm wondering is, does Artifactory validate the PGP signatures of artifacts of downloaded from Maven Central against a public key server? (or can this be configured) Or does this "Fail" policy simply protect against corrupted downloads by validating the checksum from maven central against the locally calculated one? -- View this message in context: http://forums.jfrog.org/Security-Validity-of-Remote-Artifacts-tp7578337p7578345.html Sent from the Artifactory - Users mailing list archive at Nabble.com. ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ Artifactory-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/artifactory-users
