Hello - The current binary Freenet distributions contain an unsigned freenet.jar. I'd recommend that one of the administrator signs the JAR using a public key certificate verified by a CA.
Otherwise, an evil party could modify the JAR, distribute it on a "mirror", allowing it to do all kind of evil stuff. If we would use a JNLP (Java Web Start) enabled deployment, the code would be automatically verified during startup. As an alternative, users that have a Java Development Kit could verify the code's data integrity, using the jarsigner tool. Karsten Lentzsch _______________________________________________ Devl mailing list Devl at freenetproject.org http://lists.freenetproject.org/mailman/listinfo/devl
