Bruce Snyder wrote: > Why must it be so difficult for users of the incubating projects?
Because people make the assumption that they can count on ASF projects to deliver a level of community, quality, and logenvity. They *count* on us, and we want to protect them *and* our brand/reputation. When Maven gets around to finishing http://docs.codehaus.org/display/MAVEN/Repository+Security+Improvements, it looks like it ought to address a number of concerns, both inside and outside the Incubator. As I read it, Maven will REQUIRE each user to trust each artifact by approving the signing key. Then we just need to make sure that Apache signing keys are not used for signing Incubator artifacts as well. --- Noel --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
