Is it possible to publish hash of the new JARs, so at least I can somehow try and verify their integrity? Since it's not packaged in any signed format (RPM, MSI, etc.), it's the least we can do to verify the package authenticity.
Thanks, Y. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
