Re: cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-04-01 Thread Vincent Ryan
. Original Message List: ant-dev Subject:Re: cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java From: Steve Loughran stevel () apache ! org Date: 2005-03-30 9:34:05 Message-ID: 424A728D.7040707 () apache ! org Kev Jackson wrote

Re: cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-03-30 Thread Steve Loughran
Kev Jackson wrote: Well, a bit of hackery and you can verify that JAR is signed. But there is *nothing* to verify that the signature itself is trusted. Essentially jarsigner -verify is a worthless piece of junk from the security perspective. Who'd have thought that a commit message would

Re: cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-03-30 Thread Kev Jackson
Here are my current plans -pull the declaration of verifyjar, tests, etc. -I'd leave the code over in optional, always excluded, with a here is why this is broken comment. Its aim is to warn off others. -Not attempt to use jar signing as a way of verifying JAR downloads in libraries; this was my

Re: cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-03-30 Thread Steve Loughran
Kev Jackson wrote: Here are my current plans -pull the declaration of verifyjar, tests, etc. -I'd leave the code over in optional, always excluded, with a here is why this is broken comment. Its aim is to warn off others. -Not attempt to use jar signing as a way of verifying JAR downloads in

Re: cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-03-25 Thread Kev Jackson
Well, a bit of hackery and you can verify that JAR is signed. But there is *nothing* to verify that the signature itself is trusted. Essentially jarsigner -verify is a worthless piece of junk from the security perspective. Who'd have thought that a commit message would have me ROFL!

cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-03-24 Thread stevel
stevel 2005/03/24 09:17:09 Modified:src/main/org/apache/tools/ant/taskdefs AbstractJarSignerTask.java VerifyJar.java src/etc/testcases/taskdefs signjar.xml src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java Log: Well,

cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-03-23 Thread stevel
stevel 2005/03/23 06:09:06 Modified:.build.xml WHATSNEW docs/manual/CoreTasks signjar.html src/main/org/apache/tools/ant/taskdefs SignJar.java src/etc/testcases/taskdefs signjar.xml

cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-03-23 Thread stevel
stevel 2005/03/23 08:51:42 Modified:src/main/org/apache/tools/ant/taskdefs defaults.properties SignJar.java src/etc/testcases/taskdefs signjar.xml src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java Added:

cvs commit: ant/src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java

2005-03-23 Thread stevel
stevel 2005/03/23 07:36:10 Modified:src/main/org/apache/tools/ant/util JavaEnvUtils.java src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java Log: -env util to get an ordered version number, -test of tsa only runs on java1.5+ Revision ChangesPath