.
Original Message
List: ant-dev
Subject:Re: cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs
SignJarTest.java
From: Steve Loughran stevel () apache ! org
Date: 2005-03-30 9:34:05
Message-ID: 424A728D.7040707 () apache ! org
Kev Jackson wrote
Kev Jackson wrote:
Well, a bit of hackery and you can verify that JAR is signed. But
there is *nothing* to verify that the signature itself is trusted.
Essentially jarsigner -verify is a worthless piece of junk from the
security perspective.
Who'd have thought that a commit message would
Here are my current plans
-pull the declaration of verifyjar, tests, etc.
-I'd leave the code over in optional, always excluded, with a here is
why this is broken comment. Its aim is to warn off others.
-Not attempt to use jar signing as a way of verifying JAR downloads in
libraries; this was my
Kev Jackson wrote:
Here are my current plans
-pull the declaration of verifyjar, tests, etc.
-I'd leave the code over in optional, always excluded, with a here is
why this is broken comment. Its aim is to warn off others.
-Not attempt to use jar signing as a way of verifying JAR downloads in
Well, a bit of hackery and you can verify that JAR is signed. But there is *nothing* to verify that the signature itself is trusted. Essentially jarsigner -verify is a worthless piece of junk from the security perspective.
Who'd have thought that a commit message would have me ROFL!
stevel 2005/03/24 09:17:09
Modified:src/main/org/apache/tools/ant/taskdefs
AbstractJarSignerTask.java VerifyJar.java
src/etc/testcases/taskdefs signjar.xml
src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java
Log:
Well,
stevel 2005/03/23 06:09:06
Modified:.build.xml WHATSNEW
docs/manual/CoreTasks signjar.html
src/main/org/apache/tools/ant/taskdefs SignJar.java
src/etc/testcases/taskdefs signjar.xml
stevel 2005/03/23 08:51:42
Modified:src/main/org/apache/tools/ant/taskdefs defaults.properties
SignJar.java
src/etc/testcases/taskdefs signjar.xml
src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java
Added:
stevel 2005/03/23 07:36:10
Modified:src/main/org/apache/tools/ant/util JavaEnvUtils.java
src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java
Log:
-env util to get an ordered version number,
-test of tsa only runs on java1.5+
Revision ChangesPath