incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <>
Subject Re: [DISCUSS] Do we really need an incubator?
Date Fri, 11 Jul 2008 13:23:04 GMT

On Jul 9, 2008, at 12:16 PM, Noel J. Bergman wrote:
> I am forced to agree with Roy on these points.  Until the Maven PMC  
> stops
> abrogating its responsibility and addresses the issues, there does not
> appear to be anything that we can do about Maven's flaws short of  
> banning
> use of the public Maven repositories entirely.
> Given that I consider promoting Maven's insecurre, uncontrolled, and
> unmanaged repositories to be at the height of irresponsibility, I  
> would vote
> in favor of such a ban -- ASF-wide, not limited to the Incubator --  
> until
> Maven's flaws were addressed, but unfortunately, I doubt that there  
> is a
> consensus to do so.  At least not until there is an actual exploit  
> in the
> wild, at which point the Maven PMC might finally open its eyes in  
> panic.

And I am forced to agree as well... To be honest, I still at times
question exactly the "relationship" between the ASF and Maven is.
It's no surprise that Maven chomps at the bit quite a bit regarding
ASF policies, but values the "Apache brand" enough to tow the
line. But IMO it is time for the ASF to see how this is increasing
the risk and potential for trouble with the whole foundation.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message