Welcome! Please see the About page for a little more info on how this works.

GitHub Login

All Activity
Questions
Unanswered
Tags
Ask a Question
About

Authenticate deployed artifacts

0 votes

asked Mar 14, 2018 in tools.deps by jira

clojure-tools artifacts are published unauthenticated, which is a security risk, especially for the linux install.

One simple approach would be to output a checksum file and sign the checksum file. I recommend not signing with openssl or pgp, and deferring to a simple tool like signify.

request
jira

Please log in or register to add a comment.

Please log in or register to answer this question.

2 Answers

0 votes

answered Nov 6, 2018 by jira

Comment made by: jwhitlark

I agree. It would be especially useful to publish it on https://clojure.org/guides/getting_started

The tarball that's downloaded as the base for the script also does not authenticate its source.

Please log in or register to add a comment.

0 votes

answered Jun 26, 2019 by jira

Reference: https://clojure.atlassian.net/browse/TDEPS-69 (reported by gshayban)

Please log in or register to add a comment.

Welcome to Clojure Q&A, where you can ask questions and receive answers from members of the Clojure community.

Related questions

clj -X:deps find-versions prefers git deps if both git and mvn exist
Support of Maven Password Encryption in tools.deps
Using deps/root with local/root
Tools deps perform sanity checking on deps.edn file
Should :deps/prep-lib honor :exec-args in the build alias?

Categories

All categories
Clojure (1.5k)
ClojureScript (612)
ClojureCLR (26)
Contrib libs (726)
- algo.generic (3)
- algo.monads (4)
- core.async (112)
- core.cache (19)
- core.contracts (5)
- core.logic (66)
- core.match (44)
- core.memoize (8)
- core.rrb-vector (13)
- core.typed (33)
- core.unify (7)
- data.avl (1)
- data.codec (3)
- data.csv (12)
- data.finger-tree (1)
- data.fressian (6)
- data.generators (3)
- data.int-map (17)
- data.json (18)
- data.priority-map (4)
- data.xml (24)
- data.zip (4)
- java.classpath (2)
- java.data (12)
- java.jdbc (3)
- java.jmx (6)
- math.combinatorics (5)
- math.numeric-tower (1)
- replicant (0)
- test.check (45)
- test.generative (2)
- tools.analyzer (8)
- tools.build (29)
- tools.cli (8)
- tools.deps (120)
- tools.deps.graph (2)
- tools.emitter.jvm (7)
- tools.gitlibs (4)
- tools.logging (6)
- tools.macro (8)
- tools.namespace (29)
- tools.reader (11)
- tools.tools (2)
- tools.trace (5)
Tools (74)
Meta (19)
Other (93)

Maintained by Cognitect on behalf of the Clojure community

...