www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark R. Diggory" <mdigg...@apache.org>
Subject Re: md5's
Date Wed, 06 Oct 2004 18:08:38 GMT

I really think this is more systemic in terms of the upload behavior of 

The delema is that the general policy in promotion for /dist/ right now 
is that group "writable" on files are very bad. However, as Henk pointed 
out, this doesn't mean you can't take ownership of the jars, it just 
means that Maven needs to be a little more savvy about publishing files.

For instance the artifact publishing plugin could catch this issue: if 
the file isn't group writable and the directory is, then the file should 
just be moved out of the way or deleted and the new file uploaded. It 
will then be owned by the individual who uploaded it. This way we are 
not left guessing who in the group last altered the file which we have 
no way of recording right now when maven uploads a file over an existing 
group writable file.

Ultimately it would, as well, be of great benefit if the artifact 
publishing worked initially in a staging area as not to confuse existing 
  cron jobs attempting to validate md5's on the server. This would 
probably be best served in the systems default tmp directory.


Dion Gillard wrote:
> On Tue, 05 Oct 2004 14:11:03 -0400, Mark R. Diggory <mdiggory@apache.org> wrote:
>>Sigh, yes I did, but it was to allow Dion to take ownership of them, now
>>I see he has not.
> Um, if you want me to change the ownership of some files, just let me
> know. At the moment, group writability is enough from what I
> understand.
> [snip]

Mark Diggory
Open Source Software Developer
Apache Jakarta Project

View raw message