incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jukka Zitting" <jukka.zitt...@gmail.com>
Subject Re: status of PGP support in Maven
Date Fri, 03 Oct 2008 20:18:46 GMT
Hi,

On Fri, Oct 3, 2008 at 4:50 PM, Noel J. Bergman <noel@devtech.com> wrote:
> We don't need for you to implement any "policy" other than the requirement
> for users to approve authorized signing keys.  You simply need to implement
> artifact signing and mandatory authorization, which is why I've moved this
> to the thread Brett started for purposes of discussing signing.

This part of the discussion IMHO doesn't belong here in the Incubator.

You want artifact signing and verification so you can enforce users to
explicitly acknowledge the use of incubating dependencies. I say such
click through is not and should not be needed.

Could we please keep the discussion on that policy decision (click
through or no click through) instead of wondering when and how Maven
will support that out of the box.

BR,

Jukka Zitting

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message