Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[cross-project-issues-dev] (Mirror) security


This is probably a silly question but I was wondering how we protect the content of jar files as they are being pulled from mirrors all over the world.

Due to a recent break in the Platform class, I compiled my own version of the Platform class where I re-added the removed method. Then I replaced it in the plugins/o.e.c.runtime jar using 7-zip.

This solved my issue but it also made me wonder how this was protected if some mirror-server user used the same hack to dope our jars.

I assume this is being done by p2 when downloading the jar files by comparing some MDA hash?

Please enlighten me.



Back to the top