I'm not very familiar with Clojars so please forgive the naive question: Why not host jar files themsevles on Maven central and Clojars becomes a catalog of Clojure related artifacts?
On Friday, September 26, 2014 8:09:55 AM UTC-7, Nelson Morris wrote: > > Clojars has become a critical part of the clojure ecosystem. As a small > sample, it hosts artifacts for: > > * Web development - ring, compojure, hoplon, hiccup, enlive, friend, > immutant > * Tooling - lein templates/plugins, cider-nrepl, clojure-complete, > gorilla-repl > * Clojurescript - lein-cljsbuild, austin, om, reagent, sente > * Misc - Clojurewerkz projects, storm, incanter, clj-time, cheshire, > clj-http, > * Company projects - pedestal, dommy, schema > > Vulnerabilities like shellshock and heartbleed always require quick > response. An insecure clojars service could lead to compromised systems in > multiple companies, potentially any project that used an artifact from it. > A similar situation exist for maven central, rubygems, apt, and other > repositories. > > There are other administration tasks such as verifying backups, server > updates, better response time to deletion requests, and potentially the > need to handle unexpected downtime. Additionally, development time is > needed for the releases repo w/ signatures, CDN deployments, additional UI > work, and more. > > Currently clojars is maintained by a collaboration between 3 very spare > time people. Vulnerabilities get attention due to the damage potential. > However, being a spare time project many of the other tasks languish until > required, or wait behind the queue of life's requirements. I'd love to > change that. > > I've been a co-maintainer for clojars for two years. I implemented the > https deployment, better search, and download statistics for clojars. I've > handled most of the deletion requests over the past year. I've also got > work in leiningen including almost everything related to dependency > resolution and trees. > > I want your help. > > Do you work at a company that runs clojure in production? Does it have a > financial interest in a well maintained and secure clojars service? Would > it be interested in sponsorships, business features, or another arrangement > that produces value? Then I request you email me. I want to create a > sustainable path for this critical piece of the clojure ecosystem. > > Thanks, > Nelson Morris > -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
