raboof opened a new pull request, #373:
URL: https://github.com/apache/maven-site/pull/373

   To make it easier for users to understand what to expect, and for security 
researchers to decide where to focus their efforts.
   
   I guess we could add further nuance when describing particular security 
features (e.g. perhaps we don't have to trust repositories themselves if we 
closely check the signatures on all downloaded material), but this might be a 
good starting point for generally setting the right expectations.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.