ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Bodewig <>
Subject Re: PGP tasks (was Re: proposed build.xml changes to speed up releases=
Date Wed, 04 May 2005 15:22:42 GMT
On Wed, 4 May 2005, Matt Benson <> wrote:

>> Sounds as if we should make the implementation pluggable in some
>> way, then.  So user can decide whether they want to use JNI over
>> some native lib or Bouncycastle's jars.
> I wasn't really trying to steer towards that; it would
> be possible, but I don't know how much it matters to
> do this.

I'd be content with the Bouncycastle solution myself.  I just tried
their example code and it nicely verified and falsified some
signatures I created with GPG and also correctly signed a file.

Sign and verify tasks would be rather simple, leaving almost
everything to the library - and stealing the rest from their example

> Would we auto-detect by default according to a set preference order,
> as with regex packages?

Yes, that's what I imagined.

> It's too bad our filterchains use only FilterReaders
> so that we are not capable of filtering binary. 

Uhm, true.  And we cannot even fix it without duplicating a lot of
work.  Too bad.

> Defining Ant's PGP support in terms of filtering would
> have been nice.  :(


We also should look into integrating it with <libraries>.  No need to
rely on checksums when you can verify the PGP signature on something.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message