Re: Central and Man-in-the-middle

2014-07-30 Thread Brian E. Fox
http://blog.sonatype.com/2014/07/ssl_connectivity_for_central/

--Brian (mobile)

> On Jul 28, 2014, at 11:06 PM, Brian Fox wrote:
>
> We are already in the process of making this open for free to everyone. Way back in 2012 the CDN situation was different but we just renewed the contract and

Re: Central and Man-in-the-middle

2014-07-29 Thread Bernd Eckenfels
Hello, I have started a POC a while back which can "lock" dependencies by a special checksum file. However, it is not really secure as a plugin, as you cannot prevent other plugins from overwriting it. It is not finished; it was an exercise in some internal Maven APIs: https://github.com/ecki/lockdep

Re: Central and Man-in-the-middle

2014-07-29 Thread Hervé BOUTEMY
Direct control by Maven while downloading dependencies seems ideal, but I fear it's hard to have normal users aware of keys and manage them while building their artifacts. I imagine something useful would be some report too, to display the status of actual dependencies: imagine adding key referenc

Re: Central and Man-in-the-middle

2014-07-28 Thread Brett Porter
On 29 Jul 2014, at 12:14 pm, Mark Derricutt wrote:

> Hey all,
>
> Just been reading [1] after it was mentioned in both #scala and #clojure on irc.freenode.org now, is there anything that can be done to alleviate some of these issues?
>
> oss.sonatype.org now requires everything to be GPG

Re: Central and Man-in-the-middle

2014-07-28 Thread Brian Fox
We are already in the process of making this open for free to everyone. Way back in 2012 the CDN situation was different, but we just renewed the contract and SSL is part of it. Once this is set up, we should consider changing the superpom to use SSL by default. Obviously doing something to vali

Central and Man-in-the-middle

2014-07-28 Thread Mark Derricutt
Hey all, Just been reading [1] after it was mentioned in both #scala and #clojure on irc.freenode.org now, is there anything that can be done to alleviate some of these issues? oss.sonatype.org now requires everything to be GPG signed before being uploaded to central, but I'm not sure about