security

Clone Tools
  • last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Remove runtime only dependencies to :runtimeApiInfo and :apiMetadata

These are in the core of the Gradle distribution and should always

be available at runtime.

  1. … 67 more files in changeset.
Use --passphrase-fd to supply passphrase to gpg2

  1. … 1 more file in changeset.
Remove unthrown exception declarations and unneeded string escapes

Convert buildSrc to included build and precompile shared code quality plugins

  1. … 886 more files in changeset.
Apply the 'classycle' plugin consistently to all projects (#12849)

Existing cycles are now explicitly excluded in the corresponding

build scripts and are thus more visible. They may or may not be

improved on when working on the corresponding project.

  1. … 90 more files in changeset.
Apply the 'classycle' plugin consistently to all projects

Existing cycles are now explicitly excluded in the corresponding

build scripts and are thus more visible. They may or may not be

improved on when working on the corresponding project.

  1. … 90 more files in changeset.
Apply the 'classycle' plugin consistently to all projects

Existing cycles are now explicitly excluded in the corresponding

build scripts and are thus more visible. They may or may not be

improved on when working on the corresponding project.

  1. … 90 more files in changeset.
Move projects to right groups

  1. … 6 more files in changeset.
Move projects to right groups

  1. … 5 more files in changeset.
Move projects to right groups

  1. … 6 more files in changeset.
Move projects to right groups

  1. … 6 more files in changeset.
Move projects to right groups

  1. … 6 more files in changeset.
Clean up subproject grouping in gradle build

  1. … 143 more files in changeset.
Clean up subproject grouping in gradle build

  1. … 143 more files in changeset.
Clean up subproject grouping in gradle build

  1. … 142 more files in changeset.
Clean up subproject grouping in gradle build

  1. … 143 more files in changeset.
Clean up subproject grouping in gradle build

  1. … 143 more files in changeset.
Clean up subproject grouping in gradle build

  1. … 143 more files in changeset.
Clean up subproject grouping in gradle build

  1. … 143 more files in changeset.
Clean up subproject grouping in gradle build

  1. … 143 more files in changeset.
Clean up subproject grouping in gradle build

  1. … 143 more files in changeset.
Clean up subproject grouping in gradle build

  1. … 141 more files in changeset.
Clean up subproject grouping in gradle build

  1. … 143 more files in changeset.
Clean up subproject grouping in gradle build

  1. … 143 more files in changeset.
Clean up subproject grouping in gradle build

  1. … 143 more files in changeset.
Clean up subproject grouping in gradle build

  1. … 143 more files in changeset.
Add support for key fingerprints

In order to provide maximum security, it's now possible to use full key

fingerprints, in addition to long (64-bit) key ids, in trusted or ignored

keys.

It doesn't matter what format is used: if a trusted key uses a long id,

then it's possible that if there's a key collision, an artifact would be

trusted even if it shouldn't. If a fingerprint is used instead, then we

would use the full fingerprint for verification.

It's worth nothing that PGP doesn't provide the full fingerprint in signatures

for the key issuer. This means that when we're going to download keys, we

will still use the long ids.

Fixes #11770

  1. … 11 more files in changeset.
Add support for key fingerprints

In order to provide maximum security, it's now possible to use full key

fingerprints, in addition to long (64-bit) key ids, in trusted or ignored

keys.

It doesn't matter what format is used: if a trusted key uses a long id,

then it's possible that if there's a key collision, an artifact would be

trusted even if it shouldn't. If a fingerprint is used instead, then we

would use the full fingerprint for verification.

It's worth nothing that PGP doesn't provide the full fingerprint in signatures

for the key issuer. This means that when we're going to download keys, we

will still use the long ids.

Fixes #11770

  1. … 11 more files in changeset.
Rework how the keyring file is written

For some reason the previous version is not always

fully re-readable...

  1. … 1 more file in changeset.
Rework how the keyring file is written

For some reason the previous version is not always

fully re-readable...

  1. … 1 more file in changeset.