On Monday, February 17, 2014 1:43:55 PM UTC+2, maciej wrote: > > Yaniv Kaul (2014-02-16 08:31): > > Is it possible to publish hash of the new JARs, so at least I can somehow > try and verify their integrity? Since it's not packaged in any signed > format (RPM, MSI, etc.), it's the least we can do to verify the package > authenticity. > > > Execute hash creation in shell job step and just echo it to log. That's > probably the simpliest solution. You could use plugins to push this > information to e.g. build description. > > Nux. > > My fault - I wasn't clear - I meant when new *Jenkins* JARs are released (from jenkins-ci.org ). Y.
On Monday, February 17, 2014 1:43:55 PM UTC+2, maciej wrote: > > Yaniv Kaul (2014-02-16 08:31): > > Is it possible to publish hash of the new JARs, so at least I can somehow > try and verify their integrity? Since it's not packaged in any signed > format (RPM, MSI, etc.), it's the least we can do to verify the package > authenticity. > > > Execute hash creation in shell job step and just echo it to log. That's > probably the simpliest solution. You could use plugins to push this > information to e.g. build description. > > Nux. > > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
