Hi toad, do you mean something like that?
https://docs.sonatype.org/display/Repository/How+To+Generate+PGP+Signatures+With+Maven Right now, i think it's the only solution voxsim PS Sorry for my disappearance, I just finish yesterday everything for my master degree =P On Fri, Jul 26, 2013 at 3:30 PM, Matthew Toseland <toad at amphibian.dyndns.org > wrote: > We should include JNA so we can use the patch to reduce Freenet's disk I/O > priority on Windows. We can include this via auto-update as a separate jar. > However, the official jar is apparently built via Maven. We could include > the official jar on the theory that while Maven doesn't really meet our > security requirements (there is still no download/compile time verification > of anything?), it's not only our problem if it's compromised. Or we could > try to figure out how to build it without Maven. > > Or perhaps Maven has improved since we last looked into it? IIRC Maven > does some signature verification when you upload to their repository, but > doesn't check signatures or hashes. I'm not sure whether or not it > downloads binary dependencies over plain HTTP or HTTPS? > > https://bugs.freenetproject.org/view.php?id=4982 > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl >
