On Saturday 05 February 2005 03:42, Henri Yandell wrote:
> On Wed, 12 Jan 2005 21:01:41 +, Steve Loughran
>
> <[EMAIL PROTECTED]> wrote:
> > We do need to make it easy to sign stuff.
>
> I'm new to the list, so I could be missing a lot of context.
>
> I think the most important thing to do is t
On Fri, 4 Feb 2005 14:42:54 -0500, Henri Yandell <[EMAIL PROTECTED]> wrote:
> On Wed, 12 Jan 2005 21:01:41 +, Steve Loughran
> <[EMAIL PROTECTED]> wrote:
>
> > We do need to make it easy to sign stuff.
>
> I'm new to the list, so I could be missing a lot of context.
>
> I think the most impo
On Wed, 12 Jan 2005 21:01:41 +, Steve Loughran
<[EMAIL PROTECTED]> wrote:
> We do need to make it easy to sign stuff.
I'm new to the list, so I could be missing a lot of context.
I think the most important thing to do is to make it easy to check the
signature of stuff.
I know this will main
IL PROTECTED]
> Sent: Thu 1/13/2005 2:01 PM
> To: [EMAIL PROTECTED]
> Subject: Re: repo security
>
> > Would we be talking about "gpg --armor --output
> > commons-foo-1.2.jar.md5.asc --detach-sig commons-foo-1.2.jar". Or, is
> > there some other me
> Would we be talking about "gpg --armor --output
> commons-foo-1.2.jar.md5.asc --detach-sig commons-foo-1.2.jar". Or, is
> there some other mechanism we would need to go through?
This is what I'd intended to do in Wagon using Bouncycastle. And as
Steve mentions, it can be at the users discretion:
On Thu, 13 Jan 2005 10:51:30 -0500, Tim O'Brien <[EMAIL PROTECTED]> wrote:
> Steve,
>
> Would we be talking about "gpg --armor --output
> commons-foo-1.2.jar.md5.asc --detach-sig commons-foo-1.2.jar". Or, is
> there some other mechanism we would need to go through?
It would be essential for java
ry 13, 2005 7:20 AM
> To: [EMAIL PROTECTED]
> Subject: Re: repo security
>
> On Thu, 13 Jan 2005 10:29:51 +, Steve Loughran
> <[EMAIL PROTECTED]> wrote:
> > On Thu, 13 Jan 2005 09:26:45 +1100, Brett Porter
> <[EMAIL PROTECTED]> wrote:
> > > Hi Ste
On Thu, 13 Jan 2005 10:29:51 +, Steve Loughran
<[EMAIL PROTECTED]> wrote:
> On Thu, 13 Jan 2005 09:26:45 +1100, Brett Porter <[EMAIL PROTECTED]> wrote:
> > Hi Steve,
> >
> > I'd like to do whatever we can to get better security on this stuff. I
> > just need to get my head around what JAR signi
On Thu, 13 Jan 2005 09:26:45 +1100, Brett Porter <[EMAIL PROTECTED]> wrote:
> Hi Steve,
>
> I'd like to do whatever we can to get better security on this stuff. I
> just need to get my head around what JAR signing provides in
> comparison to key signing, and what impact it might have on existing
>
> One thing I'd like to see is *every* JAR signed w/ certs under a
> single CA, say the Maven one.
Well, we have an ASF CA, which I would trust. Talk with Ben Laurie about
it.
--- Noel
Hi Steve,
I'd like to do whatever we can to get better security on this stuff. I
just need to get my head around what JAR signing provides in
comparison to key signing, and what impact it might have on existing
code. I'll read up on it.
Is there a rough timeframe on the next Ant release so we can
11 matches
Mail list logo