Re: Jar tampered while transiting from repository?

Craig S . Cottingham Thu, 25 Aug 2005 08:33:55 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Aug 23, 2005, at 11:23 AM, Martijn Dashorst wrote:
Check the MD5 sum?

Hugues Pisapia wrote:
Is there a way we can be sure that jar files are not tampered whiletransiting from remote repositories to the local repository?

Of course, how much of an assurance is this? If the jar file has beentampered with, couldn't the MD5 sum *also* have been tampered with?


- --
Craig S. Cottingham
[EMAIL PROTECTED]
OpenPGP key available from:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7977F79C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFDDeTZEJLQ3Hl395wRAkr2AKDBseUsaoevTI7gQ+5gFhSyRFAW7gCdGxxL
3EpqO5Bs3NWoJG161EaPaTI=
=0sXv
-----END PGP SIGNATURE-----


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Jar tampered while transiting from repository?

Reply via email to