oh, and one more thing.
I dont think security checking of Md5 checksums should be voluntary; it
should be on by default even if we really need https-against-apache.org
verification to be secure. It should be built in to the maven repository
handler, where it is currently stubbed out.
Ideally JAR signing would be even better; even if probably a bit slower
to check.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org
|