Thomas Schapitz wrote:
Kev Jackson wrote:

I don't think that this is the major problem. It's very very very unlikely that anyone would want to tamper with Ant (why bother, a user can always get the source and build themselves?). The problem is that when using Ant to build new code (and to generate a checksum for that distribution), now you as the developer of new-shiny-application have to decide whether anyone is going to take the time to create a fake version of your app.


Corruption of the new App isn't necessarily the intention of a potential attacker. It's far more interesting
to intercept passwords passed into ftp, ssh, or scp tasks, to spy into the file system accessible
to the ant installation, or even to install malware.


This said, our options to prevent this are very limited, and depend heavily on the
cooperation of ANT users. Or did you ever know somebody who checked the
checksums of an ANT distribution contained as a convenience in another system
(e.g. netbeans, or weblogic)?

I want to do signature checking as part of <libraries>, to verify that libraries from a mirror are not subverted.


If we have to rely on JDK crypto only, then SHA-1 is still pretty secure. For now. But we ought to generate any better checksums that later JDKs support.

I'm going to propose on the repository list that we generate multiple checksums/signatures, stick them in an XML file or a properties file (thoughts there?)

-steve
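
An added example, not part of the original message and not Ant's code: one way the multiple-checksum properties file proposed above could be generated and checked with JDK crypto only. The class name, the algorithm list and the sample bytes are assumptions, and the properties file is assumed to come from a trusted origin rather than from the mirror being checked.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Properties;

public class MultiChecksum {
    // Algorithms to publish (assumed list); a JDK that lacks one skips it.
    static final String[] ALGORITHMS = {"SHA-1", "SHA-256", "SHA-512"};

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // Publisher side: one property per digest algorithm this JDK provides.
    static Properties generate(byte[] artifact) {
        Properties p = new Properties();
        for (String alg : ALGORITHMS) {
            try {
                p.setProperty(alg, hex(MessageDigest.getInstance(alg).digest(artifact)));
            } catch (NoSuchAlgorithmException e) { /* older JDK: omit this entry */ }
        }
        return p;
    }

    // Consumer side: every listed digest this JDK can compute must match,
    // and at least one must be checkable, otherwise the artifact is rejected.
    static boolean verify(byte[] artifact, Properties expected) {
        int checked = 0;
        for (String alg : expected.stringPropertyNames()) {
            MessageDigest md;
            try { md = MessageDigest.getInstance(alg); }
            catch (NoSuchAlgorithmException e) { continue; }
            byte[] actual = hex(md.digest(artifact)).getBytes(StandardCharsets.US_ASCII);
            byte[] want = expected.getProperty(alg).trim()
                    .toLowerCase(java.util.Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
            if (!MessageDigest.isEqual(actual, want)) return false;
            checked++;
        }
        return checked > 0;
    }

    public static void main(String[] args) {
        byte[] jar = "constructed sample artifact bytes".getBytes(StandardCharsets.US_ASCII);
        Properties sums = generate(jar);
        System.out.println(sums);
        System.out.println("untouched: " + verify(jar, sums));
        jar[0] ^= 1; // constructed stand-in for a copy altered on a mirror
        System.out.println("modified:  " + verify(jar, sums));
    }
}
```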

