Stefano Bagnara wrote:

> I just checked and [the Sun and ibiblio jars] don't match!

:-(  That's not good.

> The jar distributed by SUN has signature information and a different
> Manifest (they declare impl: 1.4, specification 1.3).

> The jar found on ibiblio declares 1.4 for both specification and
> implementation.

> If no problem arises I would stick to the ibiblio version

Huh?  The author's version and a library's don't agree, and you want the one
from the library?  Why?  Why would you trust the library?  I certainly
don't.  We don't know the provenance of the binary, we don't know that it
hasn't been corrupted, tainted, etc.

I'd check with Bill to find out why there is a discrepancy.

This is why we require that all release files be signed, so that people can
be assured that they are getting what we have released.

> if we ever will move to [a] build system where we automatically
> download jars we'll use ibiblio, so let's test them.

I would be against automatic downloading that does not verify the
authenticity of the downloaded artifacts.

        --- Noel
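
An added example, not part of the original message: one way to pin down how two copies of a jar differ before deciding which to trust, by comparing whole-file digests, main manifest attributes, signature files under META-INF/, and per-entry digests. The two jars, their entry names and the VENDOR signer name are constructed to mirror the discrepancy described in the thread.

```python
import hashlib, io, zipfile
SIG_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")  # JAR signature file types in META-INF/

def make_jar(manifest, extra=None):
    """Build a small jar in memory (constructed sample, not a real release)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        zf.writestr("example/Sample.class", b"\xca\xfe\xba\xbe constructed")
        for name, data in (extra or {}).items():
            zf.writestr(name, data)
    return buf.getvalue()

def manifest_attrs(text):
    """Main-section 'Key: value' pairs of a MANIFEST.MF, joining continuation lines."""
    attrs, key = {}, None
    for line in text.splitlines():
        if not line:  # a blank line ends the main section
            break
        if line.startswith(" ") and key:
            attrs[key] += line[1:]
        elif ": " in line:
            key, value = line.split(": ", 1)
            attrs[key] = value
    return attrs

def describe(jar):
    with zipfile.ZipFile(io.BytesIO(jar)) as zf:
        entries = {n: hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}
        attrs = manifest_attrs(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
    # Presence only: these files show the jar was signed, not that the signature is valid.
    sigs = sorted(n for n in entries
                  if n.startswith("META-INF/") and n.upper().endswith(SIG_SUFFIXES))
    return hashlib.sha256(jar).hexdigest(), attrs, sigs, entries

def compare(a, b):
    (ha, ma, sa, ea), (hb, mb, sb, eb) = describe(a), describe(b)
    return {
        "identical": ha == hb,
        "manifest_diff": {k: (ma.get(k), mb.get(k))
                          for k in sorted(ma.keys() | mb.keys()) if ma.get(k) != mb.get(k)},
        "signature_files": (sa, sb),
        "changed_entries": sorted(n for n in ea.keys() | eb.keys() if ea.get(n) != eb.get(n)),
    }

# Constructed inputs: signed vendor jar (spec 1.3, impl 1.4) vs. unsigned mirror copy (1.4 for both).
MF = "Manifest-Version: 1.0\r\nSpecification-Version: %s\r\nImplementation-Version: 1.4\r\n\r\n"
VENDOR_JAR = make_jar(MF % "1.3", {"META-INF/VENDOR.SF": "constructed", "META-INF/VENDOR.RSA": b"constructed"})
MIRROR_JAR = make_jar(MF % "1.4")
```

A report like this only localizes the difference; checking that a signature is actually valid is a separate step, for example with the JDK's `jarsigner -verify`.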

