2008/5/31 Noel J. Bergman <[EMAIL PROTECTED]>: > Robert Burrell Donkin wrote: > >> it has now been clearly established that we need to move the >> repository. we're now just asking: where? > > As I said, Brett Porter's proposal, made early on in the thread, seemed > satisfactory.
That wasn't a proposal, it's how things are today. My understanding is the following: - releases are published to that repository, not to the rsync repository - "incubating" is in the version, not in any other identifier (since the version is the only thing attached to the release, the rest continue after incubating). - there is no automated rsync to the central repository - the maven repository maintainers don't ban the upload of incubating artifacts to the central repository. > I really don't care what cuts across the grain of Maven. I do care about > the established principle that people must make a deliberate decision to use > Incubator artifacts. If Maven would finally support enforcing signing of > artifacts, as they have been asked to do for years, we could use an > Incubator-specific signing key, forcing people to approve the use of > Incubator artifacts, regardless of download location. You're asking for it to enforce the use of signed artifacts out of the box, not enforce signing. I still think that's some time off from happening, but hey - volunteers are always welcome. I'm more than happy to throw an enforcer rule into the next Maven release that warns users if they are: - using the incubator repository - using an artifact from org.apache.* with version *-incubating. and point them to a URL to learn more. Will that do? > > By the way, there has been some talk in Infrastructure about shutting down > the ASF's repository entirely if Maven does not provide enforcement of > signed artifacts, due to security concerns. Can you point me to the message ID and list? I don't recall it. Thanks, Brett -- Brett Porter Blog: http://blogs.exist.com/bporter/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
