gump-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Bodewig <>
Subject Re: Nightly Builds and Ant
Date Wed, 30 Jun 2004 11:11:10 GMT
On Wed, 30 Jun 2004, Leo Simons <> wrote:

> Ah, right. I have this idea where we build up our own private jar
> repository (currently ~/.ant-basic-profile and
> ~/.maven-basic-profile) that contains the trusted, released versions
> of the libraries.

Uhm, not ideal but it seems I'll have to live with it.

> Stefan Bodewig wrote:
>> What security threat am I missing?
> For example, imagine I was the author of a weird library that some
> weird commons code depended is entirely possible to write a
> task in an ant build.xml file that recompiles a class in tomcat and
> opens a back door. That might take a while to notice."

I see.  Even easier than that, a simple <copy> would do.  Thanks!

Where do we go from here?  Do I give you a list and a shell script to
play with or should I set something (non-cron'ed) up on brutus so you
can have a look at it?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message