incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Henning Schmiedehausen <>
Subject RE: status of PGP support in Maven
Date Mon, 06 Oct 2008 18:37:51 GMT

On Mon, 2008-10-06 at 10:21 -0400, Noel J. Bergman wrote:
> Henning Schmiedehausen wrote:
> > Noel J. Bergman wrote:
> > > We don't have to.  We can simply mandate that every ASF project sign
> their
> > > artifacts and charge the Maven PMC with enforcing it.
> > No. The Maven PMC is charged with developing software for the Apache
> > Maven project.
> You misunderstand.  I mean that the Maven code should enforce
> authentication, not that the Maven PMC must police the repository.

Maven is a modular framework. If you want to enforce such policy, it
should be possible to write plugins to do so. All that is needed is
someone to write them or fund writing. The current Maven group seems to
feel that they don't need them or they are not high on the prio list. So
someone else must do it. This is a do-ocracy. :-) 

> > If we really want to put a distribution policy in place
> > and enforce it, I can see us creating a repository PMC which does this
> We already have that as a subgroup of Infrastructure.  The
> list has existed for *years*.

I know. So why are you bashing the Maven PMC when you mean the
"repository management group"? 


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message