Maven central artifacts are the canonical artifacts of Jetty, signatures on those artifacts can be validated via pgp.
On Friday, May 20, 2016, Bharathi Sivaramakrishnan < [email protected]> wrote: > > > Hello, > > We intend to deploy our application using embedded jetty, and I was > reading through the instructions at: > http://www.eclipse.org/jetty/documentation/current/advanced-embedding.html, > which recommends downloading the jetty-uber jar from maven. > > > > I was wondering if there is a way to get some sort of fingerprint from > eclipse.org to verify the maven download is the official one. Is there a > way to verify that the bits that come from maven haven’t been tampered with > by someone operating a maven repo or mirror? > > > > Thanks, > > Bharathi Sivaramakrishnan > > (Principal Member of Technical Staff, Oracle Corporation) > -- -- jesse mcconnell [email protected]
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
