> Of course, you'd need a secure way to make sure it's actually his
> signature, but that should be easier than changing the entire distribution
> chain.

That's exactly the problem. Any ideas on how I can do that?
Thanks,
Abhijith

On Sat, Jan 11, 2014 at 1:12 AM, Daniel Beck m...@beckweb.net wrote:

> On 08.01.2014, at 23:08, Abhijith Chandrashekar abhijith.chandrashe...@gmail.com wrote:
>
>> This raises possibilities of a Man-in-the-middle attack compromising the
>> integrity of the repo or the key or both.
>
> The war packages themselves are signed by Kohsuke. You can use the tool
> 'jarsigner' to verify.
>
> Of course, you'd need a secure way to make sure it's actually his
> signature, but that should be easier than changing the entire distribution
> chain.
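
One way to approach the check asked about in this message, as an added example that is not part of the thread or the Jenkins project's own tooling: confirm the WAR verifies with `jarsigner`, then compare the signer certificate's SHA-256 fingerprint with one obtained over a separate trusted channel. The function names and the pin argument are hypothetical, and English JDK tool output is assumed.

```shell
#!/bin/sh
# Added example: confirm a WAR is signed, then pin the signer certificate.

# Print the first SHA-256 fingerprint found in `keytool -printcert` output on
# stdin (assumed to be the signer's own certificate, which keytool lists first).
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Strip colons and whitespace and lowercase, so "AB:CD" equals "abcd".
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\n' | tr 'ABCDEF' 'abcdef'
}

# Succeed only if the observed fingerprint is exactly 64 hex digits and equals
# the pin; an empty or unparsable value can never count as a match.
fp_matches() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case "$a" in *[!0-9a-f]*) return 1 ;; esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# verify_war WAR PIN: PIN is the fingerprint obtained out of band.
verify_war() {
    # Integrity of the archive entries against the embedded signature. Require
    # the "jar verified" message as well as a zero exit status.
    out=$(jarsigner -verify "$1" 2>&1) || return 1
    case "$out" in *"jar verified"*) ;; *) return 1 ;; esac
    # Identity: fingerprint of the certificate that made the signature.
    seen=$(keytool -printcert -jarfile "$1" | extract_sha256)
    fp_matches "$seen" "$2"
}

# Usage: sh verify-war.sh jenkins.war <pinned-sha256-fingerprint>
if [ "$#" -eq 2 ]; then
    if verify_war "$1" "$2"; then
        echo "OK: signature valid and signer matches the pinned fingerprint"
    else
        echo "FAIL: unsigned, tampered, or signed by a different certificate" >&2
        exit 1
    fi
fi
```
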
--
You received this message because you are subscribed to a topic in the
Google Groups Jenkins Users group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/jenkinsci-users/3O8vpxrWZH8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
jenkinsci-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.