true. these are the reasons i voted the way i did. basically throwing
up my hands saying nothing much we can do other than just continue
pissing off our users...I am sure the numerous maven pmc members here
are taking note, but are probably waiting for patches :)
-- dims
On Wed, Sep 17, 2008 at 9:42 PM, William A. Rowe, Jr.
<[EMAIL PROTECTED]> wrote:
> Davanum Srinivas wrote:
>>
>> Since you are stating facts. Let's make it clear that when someone
>> download the artifacts, there's a good chance that you will see the
>> disclaimers. With maven, we don't. That's the hiccup that caused the
>> policy in place right now and the bruising battle now being fought is
>> caused by the fact that there is no other
>> maven-pmc-blessed-and-approved-way to inform the folks who
>> auto-magically pull dependencies as of this moment and there is not
>> likely to be one in the future AFAICT.
>
> We don't disagree. For that matter, there are licenses, notices and
> other critical information present in maven artifacts which are unlikely
> to be noticed. That's a failure of maven and not germane to this
> discussion, although I certainly hope that maven addresses it! But in
> most cases, the disclaimer was only relevant to the individual developer
> who incited the dependency and triggered a maven build to fetch that
> particular artifact. Our disclaimer is really meaningless to the end
> user of that developer's combined work.
>
> Similarly, the issue of signature validation is a significant flaw which
> I also hope maven addresses even more promptly, and which they are aware
> of. The alternatives are to take down maven until it is secure, or to
> continue to populate maven with various released artifacts. And this too
> isn't germane to the question above, which is;
>
> "Allow extra release distribution channels like the central Maven
> repository?"
>
> If an incubating release is a release, with a specific DISCLAIMER (no
> different than incorporating other NOTICEs or LICENSE), and a specific
> release name format (apache-incubating-{podling}-{rev}), then the Maven
> specific side of this argument should happen on the Maven list, and this
> discussion should finally come to an end.
>
> Bill
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
Davanum Srinivas :: http://davanum.wordpress.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
