What you are telling, it seems, is that there is a key practice at Apaache, amazing!
Signing jars is automated in many tools, including Maven (simply using Ant's signjar, see your .maven/plugins/maven-jnlp-plugin/plugin.jelly, having run the jnlp target once, for an example.
Tomcat jars are a good example of something we'd like to have signed because many people merge it with others (our tomcat.jar contains soooo many other stuffs!).
But be careful with the dozens, you only want to sign what you are producing and expect the things you depend on to be signed by their makers! That shouldn't make dozens, I think. Maybe half a dozen ?
paul
On 17-May-04, at 17:28 Uhr, Shapira, Yoav wrote:
Signing individual jars is an interesting proposition. It needs to be automated, as for a release like tomcat's we're talking about dozens of jars.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
