Re: [jetty-users] Fingerprint verification for jetty-uber jar from maven

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] Fingerprint verification for jetty-uber jar from maven

From: Bharathi Sivaramakrishnan <bharathi.sivaramakrishnan@xxxxxxxxxx>
Date: Fri, 20 May 2016 16:00:19 -0700 (PDT)
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Hello,

We intend to deploy our application using embedded jetty, and I was reading through the instructions at: http://www.eclipse.org/jetty/documentation/current/advanced-embedding.html, which recommends downloading the jetty-uber jar from maven.

I was wondering if there is a way to get some sort of fingerprint from eclipse.org to verify the maven download is the official one. Is there a way to verify that the bits that come from maven haven’t been tampered with by someone operating a maven repo or mirror?

Thanks,

Bharathi Sivaramakrishnan

(Principal Member of Technical Staff, Oracle Corporation)

Follow-Ups:
- Re: [jetty-users] Fingerprint verification for jetty-uber jar from maven
  - From: Jesse McConnell

Prev by Date: [jetty-users] Jetty Release 9.3.9.v20160517
Next by Date: Re: [jetty-users] Fingerprint verification for jetty-uber jar from maven
Previous by thread: [jetty-users] Jetty Release 9.3.9.v20160517
Next by thread: Re: [jetty-users] Fingerprint verification for jetty-uber jar from maven
Index(es):
- Date
- Thread

Breadcrumbs