On 17/03/2010, at 1:45 AM, Anders Hammar wrote: > To carry on my own thread, would it be possible to bump the dependency to > the maven artifact to version 2.1 or later (for all apache plugins)? > Another solution could be to add dependency management to change the > transitive dependency to wagon to a version with a signature (1.0-beta-3 or > whatever). This could be added to the maven-plugins parent pom.
This might not necessarily play well with Maven 2.0.x users. > > Anyone else that thinks that this dependency in the plugins to Apache > artifacts that aren't signed, is an issue? It's disappointing that they weren't signed and that we still depend on them, but if this concerns you I think your best course of action is to rebuild them from source so that you know exactly what you are getting and use them internally. - Brett -- Brett Porter [email protected] http://brettporter.wordpress.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
