Many of the projects already deployed are not compatible with central's requirements, including group-ids and signatures. There are other reasons, but that one already makes it impossible. On Sep 26, 2014 10:18 AM, "Mark" <markaddle...@gmail.com> wrote:
> I'm not very familiar with Clojars so please forgive the naive question: > Why not host jar files themsevles on Maven central and Clojars becomes a > catalog of Clojure related artifacts? > > On Friday, September 26, 2014 8:09:55 AM UTC-7, Nelson Morris wrote: >> >> Clojars has become a critical part of the clojure ecosystem. As a small >> sample, it hosts artifacts for: >> >> * Web development - ring, compojure, hoplon, hiccup, enlive, friend, >> immutant >> * Tooling - lein templates/plugins, cider-nrepl, clojure-complete, >> gorilla-repl >> * Clojurescript - lein-cljsbuild, austin, om, reagent, sente >> * Misc - Clojurewerkz projects, storm, incanter, clj-time, cheshire, >> clj-http, >> * Company projects - pedestal, dommy, schema >> >> Vulnerabilities like shellshock and heartbleed always require quick >> response. An insecure clojars service could lead to compromised systems in >> multiple companies, potentially any project that used an artifact from it. >> A similar situation exist for maven central, rubygems, apt, and other >> repositories. >> >> There are other administration tasks such as verifying backups, server >> updates, better response time to deletion requests, and potentially the >> need to handle unexpected downtime. Additionally, development time is >> needed for the releases repo w/ signatures, CDN deployments, additional UI >> work, and more. >> >> Currently clojars is maintained by a collaboration between 3 very spare >> time people. Vulnerabilities get attention due to the damage potential. >> However, being a spare time project many of the other tasks languish until >> required, or wait behind the queue of life's requirements. I'd love to >> change that. >> >> I've been a co-maintainer for clojars for two years. I implemented the >> https deployment, better search, and download statistics for clojars. I've >> handled most of the deletion requests over the past year. I've also got >> work in leiningen including almost everything related to dependency >> resolution and trees. >> >> I want your help. >> >> Do you work at a company that runs clojure in production? Does it have a >> financial interest in a well maintained and secure clojars service? Would >> it be interested in sponsorships, business features, or another arrangement >> that produces value? Then I request you email me. I want to create a >> sustainable path for this critical piece of the clojure ecosystem. >> >> Thanks, >> Nelson Morris >> > -- > You received this message because you are subscribed to the Google > Groups "Clojure" group. > To post to this group, send email to clojure@googlegroups.com > Note that posts from new members are moderated - please be patient with > your first post. > To unsubscribe from this group, send email to > clojure+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/clojure?hl=en > --- > You received this message because you are subscribed to the Google Groups > "Clojure" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to clojure+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
