>> Let me attempt to clarify my suggestion. Artifacts would never actually be >> submitted to /lib/signed. This would be a "virtual" directory, so to speak. >> Unsigned JARs would be deployed to /lib, signed on the fly by the web >> server, and cached in /lib/signed. > > Given that we run code in process (which becomes more fun with mod_lua) > I don't consider that a sufficient security boundary on the signing key.
Fair enough. Oh well. It seemed like a good idea, anyways. :-) So, assuming that it is a submit unsigned JAR/receive signed JAR service, how do you envision authentication might work?
