2008/5/31 Brian E. Fox <[EMAIL PROTECTED]>: > Can you elaborate more on what you mean here? I've been on the Maven PMC > for over a year now and this is the first I've heard of it. > > We do support signing of artifacts and all the maven releases are > signed. We obviously don't control all the other Apache projects in a > way to enforce that they sign their artifacts.
Noel is referring to enforcing checking signatures, not signing them. I've had a proposal out there for some time which anyone is free to comment on: http://docs.codehaus.org/display/MAVEN/Repository+Security There hasn't been a lot of traction behind it so far. Ease of use, especially OOTB, is probably one of the main concerns. - Brett -- Brett Porter Blog: http://blogs.exist.com/bporter/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
