[ https://issues.apache.org/jira/browse/MWRAPPER-10?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17223255#comment-17223255 ]
Michael Osipov commented on MWRAPPER-10: ---------------------------------------- Checksums are *not* intended to verify authenticity. > Checksums for maven-dists > ------------------------- > > Key: MWRAPPER-10 > URL: https://issues.apache.org/jira/browse/MWRAPPER-10 > Project: Maven Wrapper > Issue Type: Bug > Reporter: Yannick Menager > Priority: Critical > > Automatically downloading and running software is highly dangerous from a > security point of view. > Wrapper should include the ability to include a checksum and verify the > downloaded zip file -- This message was sent by Atlassian Jira (v8.3.4#803005)