incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrus Adamchik <>
Subject Re: [DISCUSS] Do we really need an incubator?
Date Fri, 11 Jul 2008 14:06:47 GMT
The two are different things. I agree about the technical problem (and  
can add a dozen of other Maven-related things that drive me crazy as a  
user). I don't agree that ignoring this problem by the Maven folks  
constitutes a violation of some Apache policy. So let's approach it in  
an open source way - try to persuade Maven committers to pay attention  
and/or contribute the code to fix the problem. I guess that's what we  
are doing already in this thread, but I just wanted to steer clear  
from the notion that Maven PMC has an obligation to the ASF to fix it.


On Jul 11, 2008, at 4:53 PM, Jim Jagielski wrote:
> On Jul 11, 2008, at 9:40 AM, Andrus Adamchik wrote:
>> Hi Jim,
>>> It's no surprise that Maven chomps at the bit quite a bit regarding
>>> ASF policies, but values the "Apache brand" enough to tow the
>>> line.
>> Did you mean Maven as "Maven repo deployed @Apache" or "Maven the  
>> PMC"? As Noel was talking specifically about the PMC. We can  
>> certainly ban Maven repo use until better security, etc. is  
>> implemented, but I don't think ASF policies apply to the  
>> architecture decisions (good or bad) and development direction of  
>> any given project.
> Quite simply, if Maven the PMC (or any PMC) or Maven the repo deployed
> at the ASF (or any infra @ASF) is increasing the risks or
> exposure of the ASF to security or other related concerns,
> then we all should be concerned.
> To be more clear: the Maven repo is a *huge* benefit to the
> ASF and the entire community. Unless it is done "right", it also has
> the potential of exposing the ASF to high risk. That is the
> concern that Roy, Noel and Paul appeared to be noting and
> one that I am also starting to listen to...

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message