Re: cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-04-01 Thread Vincent Ryan
of Ant users. Bye for now. Original Message List: ant-dev Subject:Re: cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java From: Steve Loughran Date: 2005-03-30 9:34:05 Message-ID: <424A728D.7040707 () apache ! org> Kev J

Re: cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-03-30 Thread Steve Loughran
Kev Jackson wrote: Here are my current plans -pull the declaration of , tests, etc. -I'd leave the code over in optional, always excluded, with a "here is why this is broken" comment. Its aim is to warn off others. -Not attempt to use jar signing as a way of verifying JAR downloads in ; this was

Re: cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-03-30 Thread Kev Jackson
Here are my current plans -pull the declaration of , tests, etc. -I'd leave the code over in optional, always excluded, with a "here is why this is broken" comment. Its aim is to warn off others. -Not attempt to use jar signing as a way of verifying JAR downloads in ; this was my plan. Could you

Re: cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-03-30 Thread Steve Loughran
Kev Jackson wrote: Well, a bit of hackery and you can verify that JAR is signed. But there is *nothing* to verify that the signature itself is trusted. Essentially "jarsigner -verify" is a worthless piece of junk from the security perspective. Who'd have thought that a commit message would

Re: cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-03-25 Thread Kev Jackson
Well, a bit of hackery and you can verify that JAR is signed. But there is *nothing* to verify that the signature itself is trusted. Essentially "jarsigner -verify" is a worthless piece of junk from the security perspective. Who'd have thought that a commit message would have me ROFL! "Worthl

cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-03-24 Thread stevel
stevel 2005/03/24 09:17:09 Modified:src/main/org/apache/tools/ant/taskdefs AbstractJarSignerTask.java VerifyJar.java src/etc/testcases/taskdefs signjar.xml src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java Log: Well, a

cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-03-23 Thread stevel
stevel 2005/03/23 07:36:10 Modified:src/main/org/apache/tools/ant/util JavaEnvUtils.java src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java Log: -env util to get an ordered version number, -test of tsa only runs on java1.5+ Revision ChangesPath

cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-03-23 Thread stevel
stevel 2005/03/23 08:51:42 Modified:src/main/org/apache/tools/ant/taskdefs defaults.properties SignJar.java src/etc/testcases/taskdefs signjar.xml src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java Added: src/main/o

cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-03-23 Thread stevel
stevel 2005/03/23 06:09:06 Modified:.build.xml WHATSNEW docs/manual/CoreTasks signjar.html src/main/org/apache/tools/ant/taskdefs SignJar.java src/etc/testcases/taskdefs signjar.xml src/testcases/org/apache/tools/ant/ta