[JENKINS-9047] Releases should be GPG/PGP signed - Jenkins JIRA

Details

Either releases or the md5sum of the release should be signed for verification when pulling from a mirror

is duplicated by

JENKINS-9046 Releases should be GPG/PGP signed

Hide

Permalink

R. Tyler Croy added a comment - 05/May/11 5:53 AM

Added the interim board to this issue, while I'm not 100% on how we can do this.

Show

R. Tyler Croy added a comment - 05/May/11 5:53 AM Added the interim board to this issue, while I'm not 100% on how we can do this.

Hide

Permalink

Daniel Beck added a comment - 25/May/14 4:36 PM

Is it not sufficient that the jar contents are signed?

Show

Daniel Beck added a comment - 25/May/14 4:36 PM Is it not sufficient that the jar contents are signed?

Hide

Permalink

Daniel Beck added a comment - 09/Aug/14 8:27 PM

No response to comment asking for additional information in two months, so resolving as Incomplete.

Show

Daniel Beck added a comment - 09/Aug/14 8:27 PM No response to comment asking for additional information in two months, so resolving as Incomplete.