Weird, I always thought that for jarsigner to output 'jar verified', the jar I'm checking had to be signed.
On 16.02.2014, at 08:31, Yaniv Kaul <[email protected]> wrote: > Is it possible to publish hash of the new JARs, so at least I can somehow try > and verify their integrity? Since it's not packaged in any signed format > (RPM, MSI, etc.), it's the least we can do to verify the package authenticity. > > Thanks, > Y. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
