Hi Chad, You might be interested in the work linked from this page: http://docs.codehaus.org/display/MAVEN/Repository+Security
It would certainly be a useful addition to add a preliminary check mojo to the existing gpg plugin as well. The code you are referring to is the DefaultWagonManager in maven-artifact (maven-artifact-manager in 2.0.x). HTH, Brett 2008/7/20 Chad La Joie <[EMAIL PROTECTED]>: > A few months back I asked if there was a Maven plugin for validating PGP > signatures, like those created by the gpg plugin, of downloaded artifacts. > The answer seemed to be "no", so I'd like to try to write such a plugin. > However, this will be my first mojo so I have quite a few (probably stupid) > questions. Could some one point me to the code Maven currently uses to > verify the md5/sha1 hashes for the artifacts so that I could try and start > from there? > > Thanks. > > -- > SWITCH > Serving Swiss Universities > -------------------------- > Chad La Joie, Software Engineer, Net Services > Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland > phone +41 44 268 15 75, fax +41 44 268 15 68 > [EMAIL PROTECTED], http://www.switch.ch > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Brett Porter Blog: http://blogs.exist.com/bporter/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
