Digital Signature Verification

[Rohit Sethi <rk...@gmail.com>]

Hi all, I wanted to start by thanking you for the amazing work you
have put together. Ant is an awesome project and you should be proud
for the work you've done to put it together. If you've seen a message
like this before it's because I've sent a similar message to the Maven
developer mailing list :)

I wanted to ask quickly if you've had a chance to read this:
http://www.fortify.com/landing/downloadLanding.jsp?path=%2Fpublic%2Ffortify_attacking_the_build.pdf

I think supporting an option to automatically verify signatures for
remote repositories would be an awesome boon for security. Does this
option already exist and I'm just not looking hard enough, or are
there plans to develop this feature in a future release?

Thanks,


-- 
Rohit Sethi
Security Compass
http://www.securitycompass.com

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org