hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hiram Chirino (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-3302) Support Maven-based builds
Date Sat, 02 Aug 2008 15:19:44 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-3302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12619240#action_12619240
] 

Hiram Chirino commented on HADOOP-3302:
---------------------------------------

I've just created a new maven plugin that will resolve Steve's #1 and #3 objection.  Source
to the new maven plugin can be found here:
https://svn.apache.org/repos/asf/servicemix/maven-plugins/checksum-maven-plugin/trunk

Basically the plugin supports generating a checksum.txt file that is included as part of the
project build.  This file holds all the checksums for the dependencies (includes checksums
for the metadata too) of the project.

It then validates the checksums of the downloaded dependencies against those stored in the
checksum.txt file. 

> Support Maven-based builds
> --------------------------
>
>                 Key: HADOOP-3302
>                 URL: https://issues.apache.org/jira/browse/HADOOP-3302
>             Project: Hadoop Core
>          Issue Type: New Feature
>    Affects Versions: 0.18.0
>            Reporter: Edward J. Yoon
>
> The reasons I would like to use maven are:
> - the possibility to define artifact templates to define a kind of standard layout/design
by artifact
> - it is not necessary for every developer to come up with his own ant build-file and
process
> - the possibility to define and resolve dependencies transitively
> But there are also some disadvantages/concerns I identified:
> Maven is downloading a lot of plugins from a central repository that is not under my
control
> - What's about the licenses of these plugins? How do I know I am allowed to use them
for a commercial product?
> - What's about security? How can I be sure, that the plugins are not manipulated and
contain the original (delivered by the JAR provider for e.g. junit-jar) contents. I observed,
that some plugins didn't pass the md5 checks but have been installed anyway.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message