incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matthieu Riou" <>
Subject Re: Incubator Maven repo [WAS Re: [VOTE] [POLICY] Allow extra release distribution channels like the central Maven repository]
Date Wed, 17 Sep 2008 21:08:01 GMT
On Wed, Sep 17, 2008 at 11:36 AM, Brian E. Fox <>wrote:

> >Maven is *too* transparent in what it does: it hides the disclaimer,
> >preventing the POLICY of ensuring that users are explicitly aware of
> and
> >agree to use of Incubator artifacts.
> Maven doesn't *hide* anything, it simply makes requests via http. You
> can use your browser to pull stuff from Central, does that mean FF
> "hides" things?

Rhetoric. FF doesn't publish the repo. And there's a security model for what
is published (plugins) and what is executed (sandboxed JS).

> >If the Maven PMC would get off its collective arse and enforce artifact
> >signing, we could put this issue to bed, since users would have to
> approve
> >the signing keys.
> Seriously, the Maven bashing is getting old. It's open source and I
> don't see any patches yet to help out. It's not like we don't do
> anything, and as was already pointed out in this thread, work has been
> started in several areas to make this happen.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message