gump-general mailing list archives

From "Sebastian Bazley" <s...@apache.org>
Subject Re: legalities of jar publishing
Date Sat, 26 Jun 2004 15:41:43 GMT
----- Original Message ----- 
From: "Stefano Mazzocchi" <stefano@apache.org>
To: "Gump code and data" <general@gump.apache.org>
Sent: Monday, June 21, 2004 8:01 PM
Subject: Re: legalities of jar publishing


> Adam R. B. Jack wrote:
[...]
> I agree with Leo that the problem of jar distribution is absolutely not
> technical, it's legal and security. Gump executes code downloaded from
> repositories that the ASF doesn't consider legally trustful.
>
> Say I was the author of a weird library that some weird commons code
> depended on, it is entirely possible to write a task in a build.xml file
> that recompiles a class in tomcat and opens a back door, it might take a
> while to notice.

One of the Gump Wiki pages -
http://wiki.apache.org/gump/BrutusConfig/RequestANightlyBuild - states

"You can set up your own nightly builds in your shell account on minotaur."

Is the output from such builds publishable?

The builds need not automatically fetch software from anywhere but the
Apache CVS, which means that the backdoor scenario above should not happen.

S.


