On 08.01.2014, at 23:08, Abhijith Chandrashekar <[email protected]> wrote:
> This raises possibilities of a Man-in-the-middle attack compromising the > integrity of the repo or the key or both. The war packages themselves are signed by Kohsuke. You can use the tool 'jarsigner' to verify. Of course, you'd need a secure way to make sure it's actually his signature, but that should be easier than changing the entire distribution chain. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
