Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

How can I validate that the objects used by BuildForge match specified certificates ?

Hi all,

Our organization currently has control of source code and objects through (RTC). We have created a Build Forge project that connects to (RTC) to extrac the objects needed for deployment. The security department has a need to validate that the objects used in the deployment are equal to the certificates. How I can do this? What techniques used by businesses that use Build Forge and (RTC) to meet the needs  of the
security department?

Thanks in advance

0 votes

Comments

I'm not quite sure I understand. Are you saying you want to confirm that the object getting loaded from Jazz into Build Forge is the correct object? Would the SSL connection between RTC and BF be enough for that situation? I'm not sure exactly how else you would confirm that the object deployed is the same object in Jazz. The SSL connection would ensure that you are loading from the correct server, but I don't know how you would get granular enough to confirm the object is the same.



3 answers

Permanent link
Hi Spencer,

To give a more specific example: We have two streams in RTC, Quality and Pre-production, this is the setting of the streams:

Stream Quality
         Components(Source)

         Components(Object)


Stream Pre-production
         Components(Source)
         Components(Object)

The Quality Team download the Object(s) to certify from the stream Quality. Then begin the quality test to verify that the objects operating according to the request. When this objects are certify the changeset from Quality Stream is transferred to Pre-Production Stream through (RTC). The security team downloads the objects in the stream Pre-Production and verify that no change in the object. The way manual to do this is verify the date and time of modification of all the objects, but, this date and time is changed by RTC when is downloaded and can't be used. Then,  How we can validate bit to bit that a (ABC.DLL) object in the stream Quality is equal to another (ABC.DLL) object in the stream Pre-Production??? That is my question...

0 votes


Permanent link
 I see now, but I don't know if it is possible to do what you describe in RTC.  It would have to be a SCM command of some kind to compare the objects and I don't know that such a command exists.  The closest thing I think would probably be comparing the checksum of the two class files, but that wouldn't be totally bulletproof.

0 votes


Permanent link
How I can do this? i dont have idea -> "I think would probably be comparing the checksum of the two class files"

0 votes

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 12,019
× 1,202

Question asked: Jul 02 '12, 4:32 p.m.

Question was seen: 5,125 times

Last updated: Jul 17 '12, 9:42 a.m.

Confirmation Cancel Confirm