On Wed, 24 Dec 2014 03:56:10 +0100, Bernd Eckenfels wrote:
Am Wed, 24 Dec 2014 03:36:42 +0100
schrieb Gilles <gil...@harfang.homelinux.org>:
On Tue, 23 Dec 2014 14:02:40 +0100, luc wrote:
Is there a way to check that the source code referred to above
was the one used to create the JAR of the ".class" files.
[Out of curiosity, not suspicion, of course...]
You can try to build it yourself and compare the binaries. But this
requires the same compiler version on the same OS - and it might
still
create some differences if things like hostnames or timestamps are
involved. (it should be however possible to inspect differences and
see
if they fall in this category).
I was wondering if there is a way that the JAR could include some
signature/checksum of the source code compiled to produce it, something
that would not be different even if checked on different hosts with
different compilers, etc.
Regards,
Gilles
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org
