On Fri, 15 Apr 2005, Steve Loughran wrote:

> Date: Fri, 15 Apr 2005 13:30:56 +0100
> From: Steve Loughran <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: Maven2 support
>
> On 4/15/05, Brett Porter <[EMAIL PROTECTED]> wrote:
>
> > > -something with a different .md5 checksum than its real checksum.
> >
> > The repository is scanned every 4 hours and repairs missing/broken
> > md5s (bearing in mind that we don't consider them as a security
> > option, but a download integrity check)
>
> OK, no problem. I'm not actually testing those MD5s, and I have my own
> tests with different SHA1 and MD5 signatures from what is expected.

  I'm wondering if uploading pgp signatures is still somewhere
  on the agenda. They are important for integrity checks of
  the repository.

  I try to follow your exchanges but I'm afraid it's all
  abacadabra to me.

  Henk Penning

----------------------------------------------------------------   _
Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 \_/ \_/
http://www.cs.uu.nl/staff/henkp.html          M [EMAIL PROTECTED]  \_/

Reply via email to