[ https://jira.jboss.org/jira/browse/JBDS-221?page=com.atlassian.jira.plugi... ] Nick Boldt commented on JBDS-221: --------------------------------- I've opened https://bugs.eclipse.org/bugs/show_bug.cgi?id=269536 to discuss the option of warning people about the installation of unsigned jars (much the same way people are warned to accept a CA for signed jars). As to the pwnage status, that's no longer a problem. 'Scuse my flippancy. :) Signed jars mean different things to different providers (@ Eclipse, "contents are as described" vs. @ Red Hat, "contents are as described and were built following a strictly regimented process to ensure quality"), so for the moment, JBDS won't be doing signed jars, which means we can move forward with provisioning an https-auth'd update site for 2.0.1. For now, https will be a sufficient mechanism for ensuring what you see is what you get. (We do build with a regimented, reproduceable process, but it's not yet aligned with one that will allow for signing... for now, anyway. More to come on that front in future.) -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira