Hashes are already in the catalog. AFAIK Apache infra requires their
existence. Right now we are on SHA512
On 5/23/19 11:20 AM, Neil C Smith wrote:
On Thu, 23 May 2019 at 19:06, Laszlo Kishalmi <[email protected]> wrote:
What do we know about the NBM signing inside of Apache?
Tangentially related I know, but I've wondered whether we should also
have a file hash in the catalog and validate that as well? And of
course, longer term we'll also have reproducible NBM builds! :-)
Hash would definitely be good for validating third-party plugins too
if they're hosted elsewhere from the plugin manager catalog.
Best wishes,
Neil
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
