incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noel J. Bergman" <n...@devtech.com>
Subject RE: Killing the incubator m2 repository
Date Fri, 16 Mar 2007 03:37:54 GMT
Bruce Snyder wrote:

> Why must it be so difficult for users of the incubating projects?

Because people make the assumption that they can count on ASF projects to
deliver a level of community, quality, and logenvity.  They *count* on us,
and we want to protect them *and* our brand/reputation.

When Maven gets around to finishing
http://docs.codehaus.org/display/MAVEN/Repository+Security+Improvements, it
looks like it ought to address a number of concerns, both inside and outside
the Incubator.  As I read it, Maven will REQUIRE each user to trust each
artifact by approving the signing key.  Then we just need to make sure that
Apache signing keys are not used for signing Incubator artifacts as well.

	--- Noel



---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message