[cross-project-issues-dev] (Mirror) security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[cross-project-issues-dev] (Mirror) security

From: Wim Jongman <wim.jongman@xxxxxxxxx>
Date: Thu, 24 Sep 2020 17:17:55 +0200
Delivered-to: cross-project-issues-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/cross-project-issues-dev>
List-help: <mailto:cross-project-issues-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev>, <mailto:cross-project-issues-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/cross-project-issues-dev>, <mailto:cross-project-issues-dev-request@eclipse.org?subject=unsubscribe>

Hi,

This is probably a silly question but I was wondering how we protect the content of jar files as they are being pulled from mirrors all over the world.

Due to a recent break in the Platform class, I compiled my own version of the Platform class where I re-added the removed method. Then I replaced it in the plugins/o.e.c.runtime jar using 7-zip.

This solved my issue but it also made me wonder how this was protected if some mirror-server user used the same hack to dope our jars.

I assume this is being done by p2 when downloading the jar files by comparing some MDA hash?

Please enlighten me.

Cheers,

Wim

Follow-Ups:
- Re: [cross-project-issues-dev] (Mirror) security
  - From: Thomas Watson
- Re: [cross-project-issues-dev] (Mirror) security
  - From: Ed Merks

Prev by Date: Re: [cross-project-issues-dev] Windowbuilder is broken in the release train
Next by Date: [cross-project-issues-dev] Changes In My Contribution Activity (Help On Orbit)
Previous by thread: [cross-project-issues-dev] Windowbuilder is broken in the release train
Next by thread: Re: [cross-project-issues-dev] (Mirror) security
Index(es):
- Date
- Thread

Breadcrumbs