> Of course, you'd need a secure way to make sure it's actually his signature, but that should be easier than changing the entire distribution chain.
That's exactly the problem. Any ideas on how I can do that? Thanks, Abhijith On Sat, Jan 11, 2014 at 1:12 AM, Daniel Beck <m...@beckweb.net> wrote: > On 08.01.2014, at 23:08, Abhijith Chandrashekar < > abhijith.chandrashe...@gmail.com> wrote: > > > This raises possibilities of a Man-in-the-middle attack compromising the > integrity of the repo or the key or both. > > The war packages themselves are signed by Kohsuke. You can use the tool > 'jarsigner' to verify. > > Of course, you'd need a secure way to make sure it's actually his > signature, but that should be easier than changing the entire distribution > chain. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Jenkins Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/jenkinsci-users/3O8vpxrWZH8/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > jenkinsci-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
