incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrus Adamchik <and...@objectstyle.org>
Subject Re: [DISCUSS] Do we really need an incubator?
Date Fri, 11 Jul 2008 13:40:29 GMT
Hi Jim,

> It's no surprise that Maven chomps at the bit quite a bit regarding
> ASF policies, but values the "Apache brand" enough to tow the
> line.

Did you mean Maven as "Maven repo deployed @Apache" or "Maven the  
PMC"? As Noel was talking specifically about the PMC. We can certainly  
ban Maven repo use until better security, etc. is implemented, but I  
don't think ASF policies apply to the architecture decisions (good or  
bad) and development direction of any given project.

Andrus


On Jul 11, 2008, at 4:23 PM, Jim Jagielski wrote:
> On Jul 9, 2008, at 12:16 PM, Noel J. Bergman wrote:
>>
>> I am forced to agree with Roy on these points.  Until the Maven PMC  
>> stops
>> abrogating its responsibility and addresses the issues, there does  
>> not
>> appear to be anything that we can do about Maven's flaws short of  
>> banning
>> use of the public Maven repositories entirely.
>>
>> Given that I consider promoting Maven's insecurre, uncontrolled, and
>> unmanaged repositories to be at the height of irresponsibility, I  
>> would vote
>> in favor of such a ban -- ASF-wide, not limited to the Incubator --  
>> until
>> Maven's flaws were addressed, but unfortunately, I doubt that there  
>> is a
>> consensus to do so.  At least not until there is an actual exploit  
>> in the
>> wild, at which point the Maven PMC might finally open its eyes in  
>> panic.
>>
>
> And I am forced to agree as well... To be honest, I still at times
> question exactly the "relationship" between the ASF and Maven is.
> It's no surprise that Maven chomps at the bit quite a bit regarding
> ASF policies, but values the "Apache brand" enough to tow the
> line. But IMO it is time for the ASF to see how this is increasing
> the risk and potential for trouble with the whole foundation.


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message