Re: Java 9 support + HSTS for tomcat.apache.org

2017-10-04 Thread Konstantin Kolinko
2017-09-28 19:56 GMT+03:00 Konstantin Kolinko : > 2017-09-26 11:57 GMT+03:00 Oliver Heister : >> 2. Currently MITM attacks by evil ISPs or WiFi networks are possible >> against people downloading tomcat from >>

Re: Java 9 support + HSTS for tomcat.apache.org

2017-09-28 Thread Konstantin Kolinko
2017-09-26 11:57 GMT+03:00 Oliver Heister : > 2. Currently MITM attacks by evil ISPs or WiFi networks are possible > against people downloading tomcat from > http://tomcat.apache.org/download-80.cgi . (The page has links to PGP, md5 > and sha1 hashes for validation, but

Re: Java 9 support + HSTS for tomcat.apache.org

2017-09-28 Thread Oliver Heister
> > IMO a remark regarding Java 9 should be added to > > http://tomcat.apache.org/whichversion.html . > > Sounds good. I don't know of anything specific that does NOT work with > Java 9, but markt has been following the pre-releases of Java 9 pretty > closely, and has made adjustments (mostly

Re: Java 9 support + HSTS for tomcat.apache.org

2017-09-27 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Oliver, On 9/26/17 4:57 AM, Oliver Heister wrote: > I have two suggestions: > > 1. The table on http://tomcat.apache.org/whichversion.html has a > column “Supported Java Versions” which has entries like “8 and > later”. My understanding from e.g.

Java 9 support + HSTS for tomcat.apache.org

2017-09-26 Thread Oliver Heister
Hi all, I have two suggestions: 1. The table on http://tomcat.apache.org/whichversion.html has a column “Supported Java Versions” which has entries like “8 and later”. My understanding from e.g. https://marc.info/?l=tomcat-dev=150617891913261=2 is that currently no stable tomcat release