www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <steve.lough...@gmail.com>
Subject Re: Maven and repository@apache.org
Date Wed, 05 Jan 2005 12:28:44 GMT
On Wed, 05 Jan 2005 09:39:28 +0100, Nicola Ken Barozzi
<nicolaken@apache.org> wrote:
> 2) Henk, myself (Maven PMC), Mark Diggory (if available), representative
> from interested Apache projects PMC (most likely someone from Ant) get
> together to sort out exactly what we think needs doing (we can use the
> repository list if appropriate)

I'll be the Ant rep. 

I am co-author of the (still stabilising) Ant <libraries> task; it'd
be nice if we can get the immediate improvements into the repository
when there is time to get the changes into ant before 1.7 ships (which
is not in the immediate future)

> 3) suggest small steps to fix each problem rather than coming up with a
> killer solution that will never get implemented


I'm very interested in 

1. security. this could be with MD5 checksums, or it could be with
signed JARs. JAR signing needs retrofitting to existing files, but has
the advantage that JVMs integrate with it and you can do other tricks
(like put http://ibiblio.org.../artifact.jar on the classpath with
security turned on)

2. licenses. not just auto-download of .LICENSE files, but ideally
some way to do click-through that even Sun are happy with. I was
discussing the latter informally with someone at Sun recently -how
it'd be nice to be able to retrieve files from some Sun server with
the appropriate licenses appearing and needing accepting before the
jar files are decrypted. This would be similar to the licensing stuff
you get in SuSE Linux's package updater, where you have to accept the
licenses for some downloads.

(2) is clearly more complex, lower priority and really needs active
involvement from Sun.


View raw message