Hello -
The current binary Freenet distributions contain an unsigned
freenet.jar. I'd recommend that one of the administrator signs
the JAR using a public key certificate verified by a CA.
Otherwise, an evil party could modify the JAR, distribute
it on a "mirror", allowing it to do all kind of evil stuff.
If we would use a JNLP (Java Web Start) enabled deployment,
the code would be automatically verified during startup.
As an alternative, users that have a Java Development Kit
could verify the code's data integrity, using the jarsigner tool.
Karsten Lentzsch
_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/devl
