You could also check the signature against expected release managers or similar.
/Anders (mobile)

On 16 Oct 2015 18:56, "Ron Wheeler" <[email protected]> wrote:

> Hard to say but checking the checksums from the author's site would be one
> way to vet a release from a third party.
> Opening the download and looking inside to see that the artifacts are the
> ones that you were expecting is less secure but could be part of vetting.
>
> Ron
>
> On 16/10/2015 12:33 PM, [email protected] wrote:
>
>> The Maven Introduction to Repositories documentation contains a section
>> that describes setting up an internal repository.
>>
>> In that section is described an option to manually download and vet
>> releases, apparently of a remote repo.
>>
>> What is meant by "vet"? Can you provide an example of how a repo release
>> would be vetted? I suspect this is highly dependent on the intended use of
>> the repo, but I'm just trying to get a general idea of what is involved.
>>
>> Thank you.
>>
>> Mike
>>
>> Michael Tarullo
>> Contractor (Engility Corp)
>> Enterprise Architect
>> NSRR System Administrator
>> FAA WJH Technical Center
>> (609)485-5294
>
> --
> Ron Wheeler
> President
> Artifact Software Inc
> email: [email protected]
> skype: ronaldmwheeler
> phone: 866-970-2435, ext 102
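The two checks suggested in this thread (checksum from the author's site, signature from an expected release manager), as an added example that is not part of the original messages. It assumes the checksum is a Maven-style `.sha1` sidecar file obtained separately from the download, that the signature text is what `gpg --status-fd 1 --verify file.asc file` writes, and that the trusted fingerprint set is a constructed placeholder you would replace with the project's published keys.

```python
import hashlib

# Assumption: fingerprints you trust, e.g. copied from the project's KEYS file.
# The value below is a constructed placeholder, not a real key.
TRUSTED_RELEASE_MANAGERS = {"0123456789ABCDEF0123456789ABCDEF01234567"}
# gpg status keywords that mean the signature must not be accepted.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def checksum_matches(artifact: bytes, sidecar_text: str, algo: str = "sha1") -> bool:
    """Compare the artifact digest with a sidecar file: '<hex>' or '<hex>  <name>'."""
    fields = sidecar_text.split()
    return bool(fields) and hashlib.new(algo, artifact).hexdigest() == fields[0].lower()

def signer_fingerprint(gpg_status: str):
    """Return the primary-key fingerprint of a valid signature, else None."""
    fingerprint = None
    for line in gpg_status.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] in REJECT:
            return None
        if parts[1] == "VALIDSIG" and len(parts) >= 3:
            # Field 12 is the primary key fingerprint; fall back to the signing key.
            fingerprint = (parts[11] if len(parts) >= 12 else parts[2]).upper()
    return fingerprint

def vet(artifact: bytes, sidecar_text: str, gpg_status: str):
    """Return (accepted, reason) for one downloaded artifact."""
    if not checksum_matches(artifact, sidecar_text):
        return False, "checksum mismatch"
    fpr = signer_fingerprint(gpg_status)
    if fpr is None:
        return False, "no valid signature"
    if fpr not in TRUSTED_RELEASE_MANAGERS:
        return False, "signer is not an expected release manager"
    return True, "ok"

# Constructed sample input: artifact bytes, its .sha1 sidecar, and gpg status output.
ARTIFACT = b"constructed artifact bytes"
SIDECAR = hashlib.sha1(ARTIFACT).hexdigest() + "  example-1.0.jar\n"
GPG_STATUS = (
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer\n"
    "[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2015-10-16 "
    "1445014560 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567\n"
)
print(vet(ARTIFACT, SIDECAR, GPG_STATUS))
```

A signature that verifies but comes from a key outside the expected set is rejected, which is the distinction the first reply draws between "signed" and "signed by a release manager".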
