www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran" <steve.lough...@gmail.com>
Subject Re: releases using incubator artifacts
Date Mon, 12 Nov 2007 14:01:40 GMT
On Nov 12, 2007 1:26 PM, Brian E. Fox <brianf@reply.infinity.nu> wrote:
> >wouldn't the resolution failure list the incubator repository?
> No because they added the repo to their pom...which is the danger. Not
> everyone will notice this new repo being used pseudo-silently in their
> build. (and what happens in the future if that url changes or goes away?
> 4.1.1 would forever be broken)

ooh, are you allowed to do that? I can see some interesting security
issues there. subvert a pom and sneak in artifacts from a completely
different repository. nice.

View raw message