incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Niclas Hedhman <>
Subject Re: Killing the incubator m2 repository
Date Sat, 17 Mar 2007 02:51:11 GMT
On Friday 16 March 2007 11:37, Noel J. Bergman wrote:
> As I read it, Maven will REQUIRE each user to trust each
> artifact by approving the signing key.

Can't be serious...
Larger integration projects has hundreds if not thousands of artifacts, and 
often with update cycles of 'daily' if not hourly somewhere in the chain. I 
assume each signatory is only approved once, but even then we are talking 
many dozens and with changes down the line all the time.

To me this solution sounds stupid, as it doesn't scale. Maven should require 
that the host trust the signer and the user trust the host. Otherwise, way 
too much work for the user...

/me crawls back under the rock...


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message