+1 On 4 Jun 2016 11:54, "Russel Winder" <rus...@winder.org.uk> wrote:
> On Sat, 2016-06-04 at 10:53 +0200, jim northrop wrote: > > what does this mean to the avg hacker ? do we need to fix our kit > > anyway ? > > > > For those who download and check signatures, SHA1 and MD5 are > unreliable and provide very weak confidence. > > I am not sure what stance Gradle, Maven, and Ant take on signature > checking, do they do any signature checking at all? > > -- > Russel. > > ============================================================================= > Dr Russel Winder t: +44 20 7585 2200 voip: > sip:russel.win...@ekiga.net > 41 Buckmaster Road m: +44 7770 465 077 xmpp: rus...@winder.org.uk > London SW11 1EN, UK w: www.russel.org.uk skype: russel_winder
