www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brett Porter" <brett.por...@gmail.com>
Subject Re: maven2 based releases for the james project and ASF policy
Date Sun, 17 Sep 2006 22:30:21 GMT
On 17/09/06, Stefano Bagnara <apache@bago.org> wrote:
> One of James PMC members is concerned (and we, other PMC member, agree
> on his concerns) about the security issues introduced by downloading
> artifacts from ibiblio or its mirrors, so we are trying to find an
> interim solution while ASF define a common way.

BTW, as I'm sure Noel is listening - I'm still waiting on his feedback
to the proposal I put up specifically about his concerns.

http://docs.codehaus.org/display/MAVEN/Repository+Security+Improvements

On this thread, one gotcha I'll note about using file:/ repositories -
it may be difficult to get them to work as expected in a multiple
module project. They can still work, it just requires redefining them
in all POMs that use it, you can't inherit it with the correct
directory settings.

Thanks,
Brett


>
> Here is what I've proposed:
>
> 1) create a "repository/third-party-m1" folder in our
> svn.apache.org/repos/asf/james repository.
>
> 2) commit there our current third party dependencies (BSD/CDDL/MIT/ASF)
>
> 3) export the content of this repository on a subfolder of our
> james.apache.org website (james.apache.org/repos/third-party-m1 could be
> a good candidate) so that we don't link directly the SVN server but a
> mirrored resource (websites are mirrored, right?)
>
> 4) add this "james.apache.org/repos/third-party-m1" to our main pom
> (overwriting ibiblio).
>
>
> We would still use the 2 ASF-wide maven repositories to publish our
> official release or to read ASF jars and for our snapshots needs.
>
>
> Does ASF policy allow us to do this? WDYT?
>
> Stefano
>
>


-- 
Apache Maven - http://maven.apache.org
"Better Builds with Maven" book - http://library.mergere.com/

Mime
View raw message