Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Fingerprint verification for jetty-uber jar from maven
Maven central artifacts are the canonical artifacts of Jetty, signatures on those artifacts can be validated via pgp.

On Friday, May 20, 2016, Bharathi Sivaramakrishnan <bharathi.sivaramakrishnan@xxxxxxxxxx> wrote:

 

Hello,

We intend to deploy our application using embedded jetty, and I was reading through the instructions at:  http://www.eclipse.org/jetty/documentation/current/advanced-embedding.html, which recommends downloading the jetty-uber jar from maven.

 

I was wondering if there is a way to get some sort of fingerprint from eclipse.org to verify the maven download is the official one. Is there a way to verify that the bits that come from maven haven’t been tampered with by someone operating a maven repo or mirror?

 

Thanks,

Bharathi Sivaramakrishnan

(Principal Member of Technical Staff, Oracle Corporation)



--
--
jesse mcconnell
jesse.mcconnell@xxxxxxxxx

Back to the top