incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: status of PGP support in Maven
Date Fri, 03 Oct 2008 20:03:02 GMT
On 03/10/2008, Brian E. Fox <brianf@reply.infinity.nu> wrote:
>
>  >We don't have to.  We can simply mandate that every ASF project sign
>  their
>  >artifacts and charge the Maven PMC with enforcing it.
>
>
> And are you going to lobby FireFox and Microsoft to enforce in their
>  browsers?

Microsoft already *does* check signatures for ActiveX addons.

>  Seriously why is this Maven's problem simply because it
>  downloads it when you can't enforce this in any other method that people
>  download it?
>

There is a big difference between using a browser to download a
specific file chosen by the user and Maven downloading some file
automatically.

>
>  >On the other hand, imagine the fun when
>  >someone puts a nice bit of malware into the security-free zone known as
>  the
>  >Maven repository.
>
>
> Security Free?
>
>
>  ---------------------------------------------------------------------
>  To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>  For additional commands, e-mail: general-help@incubator.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message