verify signatures of downloaded poms and jars

[Igory Lr]

Hello,

I was trying to find if there are some SSL enabled central
repositories but didn't find one. I noticed that there are signatures
for (mostly) every jar and pom file in maven central repository. I
would like to force maven (2/3) to automatically verify signatures of
downloaded files. Is it possible yet?

I guess these are the public keys for maven central
https://svn.apache.org/repos/asf/maven/project/KEYS. Am I right?

Thank you for help.

-
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org

Re: verify signatures of downloaded poms and jars

[Wendy Smoak]

On Thu, Jul 14, 2011 at 8:08 AM, Igory Lr igory...@gmail.com wrote:
 I was trying to find if there are some SSL enabled central
 repositories but didn't find one. I noticed that there are signatures
 for (mostly) every jar and pom file in maven central repository. I
 would like to force maven (2/3) to automatically verify signatures of
 downloaded files. Is it possible yet?

It comes up occasionally, but I don't think anyone has implemented it
yet.  (Or if they have, it hasn't been contributed back.)

 I guess these are the public keys for maven central
 https://svn.apache.org/repos/asf/maven/project/KEYS. Am I right?

Those are only the keys for people who have done releases of Maven
itself (or a plugin.)  You'd need to get the keys for whichever
project you're interested in.

-- 
Wendy

-
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org