Return-Path: Delivered-To: apmail-incubator-general-archive@www.apache.org Received: (qmail 84024 invoked from network); 31 May 2008 05:54:26 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 31 May 2008 05:54:26 -0000 Received: (qmail 9591 invoked by uid 500); 31 May 2008 05:54:27 -0000 Delivered-To: apmail-incubator-general-archive@incubator.apache.org Received: (qmail 9428 invoked by uid 500); 31 May 2008 05:54:27 -0000 Mailing-List: contact general-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: general@incubator.apache.org Delivered-To: mailing list general@incubator.apache.org Received: (qmail 9417 invoked by uid 99); 31 May 2008 05:54:27 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 30 May 2008 22:54:27 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of robertburrelldonkin@gmail.com designates 209.85.200.172 as permitted sender) Received: from [209.85.200.172] (HELO wf-out-1314.google.com) (209.85.200.172) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 31 May 2008 05:53:39 +0000 Received: by wf-out-1314.google.com with SMTP id 28so177207wff.21 for ; Fri, 30 May 2008 22:53:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=OmPyWyYzWMZHZQrREAp5527yGpszgbe6Jf+UKiQefb0=; b=Ef5Bm5ritu2hZkat5W99KWwtT7UrYOcSRDtlL8/mmoZSvsXb4ntaH3ETJaNIS6upqnX+scwtAwu3I0h7ugGipDzrr4nISkq7lTrHvQF/NdFsFOJFQqjkAh67u8N5NHdrBQ5o0RWc/0JyvVATvmLsIAqxVaZzL3Wz1MgtNn0kTCk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=UacY7VD/mbL9j9qDYO+7bhBOrURSkTs8/6yLkjlDtBXN9aCBvm8iqTHczZJlbUIMJfEd3tZ7FrcYnSGOm/PbC4/VdYQ9pqwot6X2fcqsjNueKbI9iDu+yMUaOt43HQQd6jhTCKG7LQ7XI3ZWP6PfsPYXAekMFnzAh2ZoqwYkjDA= Received: by 10.143.6.19 with SMTP id j19mr2505881wfi.330.1212213235733; Fri, 30 May 2008 22:53:55 -0700 (PDT) Received: by 10.143.123.3 with HTTP; Fri, 30 May 2008 22:53:55 -0700 (PDT) Message-ID: Date: Sat, 31 May 2008 06:53:55 +0100 From: "Robert Burrell Donkin" To: general@incubator.apache.org Subject: Re: maven repository In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <9e3862d80805301916q4554755fl1662c385929c5d48@mail.gmail.com> X-Virus-Checked: Checked by ClamAV on apache.org On Sat, May 31, 2008 at 3:30 AM, Noel J. Bergman wrote: > Brett Porter wrote: > >> Noel J. Bergman: >> > I really don't care what cuts across the grain of Maven. I do care > about >> > the established principle that people must make a deliberate decision to > use >> > Incubator artifacts. If Maven would finally support enforcing signing > of >> > artifacts, as they have been asked to do for years, we could use an >> > Incubator-specific signing key, forcing people to approve the use of >> > Incubator artifacts, regardless of download location. > >> You're asking for it to enforce the use of signed artifacts out of the >> box, not enforce signing. > > Yes. As noted in my reply to Brian E. Fox in his renamed thread "enforced > signing of artifacts". i've talked at length about this before (IIRC with brett and others) and done quite a bit of thinking. it is a much more general issue than just maven. one signature isn't good enough. it would be good for maven to lead the way but IMO we need a comprehensive solution for all apache releases. - robert --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org For additional commands, e-mail: general-help@incubator.apache.org