How to organize release management to prevent from random package overwriting?

Currently we upload all build artifacts to corporate ftp. Login/password was hardcoded in build scripts. Anyone can replace content on FTP so any dependent project get damaged libs...

I look for software solutions which allow easy right management and data int开发者_运维知识库egrity.

Currently I have some suggestions:

• Sign packages, all dependent package verify signature (this is complicated, what tools to use, GPG? how about GNU Make/ANT support for signing/verifying?)
• Allow upload to release storage only from build machine (through WEB-interface you force the build).

---

Why do you not use systems like Maven? It has good multiversion mechanism and all stuffs what you want