Re: repo security

2005-02-04 Thread Henri Yandell
On Wed, 12 Jan 2005 21:01:41 +, Steve Loughran [EMAIL PROTECTED] wrote: We do need to make it easy to sign stuff. I'm new to the list, so I could be missing a lot of context. I think the most important thing to do is to make it easy to check the signature of stuff. I know this will mainly

RE: repo security

2005-01-13 Thread Tim O'Brien
On Thu, 13 Jan 2005 10:29:51 +, Steve Loughran [EMAIL PROTECTED] wrote: On Thu, 13 Jan 2005 09:26:45 +1100, Brett Porter [EMAIL PROTECTED] wrote: Hi Steve, I'd like to do whatever we can to get better security on this stuff. I

Re: repo security

2005-01-13 Thread Steve Loughran
On Thu, 13 Jan 2005 10:51:30 -0500, Tim O'Brien [EMAIL PROTECTED] wrote: Steve, Would we be talking about gpg --armor --output commons-foo-1.2.jar.md5.asc --detach-sig commons-foo-1.2.jar. Or, is there some other mechanism we would need to go through? It would be essential for java download

Re: repo security

2005-01-13 Thread Brett Porter
Would we be talking about gpg --armor --output commons-foo-1.2.jar.md5.asc --detach-sig commons-foo-1.2.jar. Or, is there some other mechanism we would need to go through? This is what I'd intended to do in Wagon using Bouncycastle. And as Steve mentions, it can be at the user's discretion:

Re: repo security

2005-01-13 Thread Brett Porter
Would we be talking about gpg --armor --output commons-foo-1.2.jar.md5.asc --detach-sig commons-foo-1.2.jar. Or, is there some other mechanism we would need to go through? This is what I'd intended to do in Wagon using Bouncycastle. And as Steve

RE: repo security

2005-01-12 Thread Noel J. Bergman
One thing I'd like to see is *every* JAR signed w/ certs under a single CA, say the Maven one. Well, we have an ASF CA, which I would trust. Talk with Ben Laurie about it. --- Noel