www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Diggory <mdigg...@gmail.com>
Subject Re: security, hashing.
Date Tue, 15 Mar 2005 14:51:54 GMT
Russell Gold wrote:

>On Thu, 10 Mar 2005 20:11:20 +0000, Steve Loughran
><steve.loughran@gmail.com> wrote:
>>The disadvantages
>> -no obvious 'latest version' in the repository
>> -harder to field support calls, "what is the hash of your artifacts"?
>Not to mention, really complicating the job of upgrading to new versions. 
>Is there a danger here of solving the 1% case at the expense of the 99% case?

then you have the version and the hash... Think of the hash as similar "alpha", "beta" or
"rcN" identifiers (isn't it really? Your just identifying this particular "packaging" of axis-0.0.1.).

But then again, this starts to get into the arena of Jar Signing, and there already is facility
for that in Jar Artifacts...

-Mark Diggory

View raw message