incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian E. Fox" <>
Subject enforced signing of artifacts, [was maven repository]
Date Fri, 30 May 2008 20:55:22 GMT
>I really don't care what cuts across the grain of Maven.  I do care
>the established principle that people must make a deliberate decision
to use
>Incubator artifacts.  If Maven would finally support enforcing signing
>artifacts, as they have been asked to do for years, we could use an
>Incubator-specific signing key, forcing people to approve the use of
>Incubator artifacts, regardless of download location.

Can you elaborate more on what you mean here? I've been on the Maven PMC
for over a year now and this is the first I've heard of it.

We do support signing of artifacts and all the maven releases are
signed. We obviously don't control all the other Apache projects in a
way to enforce that they sign their artifacts. 

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message