[jira] [Commented] (MWRAPPER-10) Checksums for maven-dists

Michael Osipov (Jira) Thu, 29 Oct 2020 15:50:25 -0700


    [ 
https://issues.apache.org/jira/browse/MWRAPPER-10?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17223255#comment-17223255
 ]


Michael Osipov commented on MWRAPPER-10:
----------------------------------------

Checksums are *not* intended to verify authenticity.

> Checksums for maven-dists
> -------------------------
>
>                 Key: MWRAPPER-10
>                 URL: https://issues.apache.org/jira/browse/MWRAPPER-10
>             Project: Maven Wrapper
>          Issue Type: Bug
>            Reporter: Yannick Menager
>            Priority: Critical
>
> Automatically downloading and running software is highly dangerous from a 
> security point of view.
> Wrapper should include the ability to include a checksum and verify the 
> downloaded zip file



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (MWRAPPER-10) Checksums for maven-dists

Reply via email to