Greg Brown wrote:
>
> Let me attempt to clarify my suggestion. Artifacts would never actually be
> submitted to /lib/signed. This would be a "virtual" directory, so to speak.
> Unsigned JARs would be deployed to /lib, signed on the fly by the web server,
> and cached in /lib/signed.

Given that we run code in process (which becomes more fun with mod_lua) I don't consider that a sufficient security boundary on the signing key.
