On Wed, 01 Dec 2004, Steve Loughran <[EMAIL PROTECTED]> wrote: > 1. should we adopt a default repository, and if so, what one? the > maven one? which is hooked off user.dir?
Probably whatever the [EMAIL PROTECTED] list (that I haven't ever followed) comes up with. I have no idea whether it is alive and what the result could be - I do know that there was some content on the old wiki that needs to get migrated. > 2. Once you have a repository, you need to extract files from it for > use in WAR files, etc. Which means > (a) a library policy to create a fileset from the collection > > (b) <lib> in WAR/EAR must flatten filesets during copy. Why? > There was a bug about this filed; did we fix it? I can't see a bug, maybe a missing feature. > 3. I'm also still worried about security. There is MD5 checking, but > I'd also like a policy that uses the new signature checking code to > verify that the libs are signed by people you trust. I know the > maven repos are not so signed, but we can start. +1 to all any any security checks. Stefan --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
