[Cryptography] Oracle discovers the 1990s in crypto
John Ioannidis
jayeye at gmail.com
Mon Jan 23 19:27:43 EST 2017
On Sun, Jan 22, 2017 at 8:05 AM, Jerry Leichter <leichter at lrw.com> wrote:
>
> Anyone want to bet on how many pre-build jar files, signed years ago with
> MD5 or short RSA keys, are out there in Maven repositories, waiting to
> cause build and run-time failures all over the planet? How many of them
> will turn out to have long-lost source trees, or will have source trees
> that can no longer be built because the tooling around them has
> deteriorated?
People who rely on pre-built binaries from maven repos will simply get what
they deserve.
/ji
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170123/6a9fced9/attachment.html>
More information about the cryptography
mailing list