On Fri, 03 Dec 2004 15:29:48 +0000, Steve Loughran <[EMAIL PROTECTED]> wrote: > > > Actually, what I meant to say was "should we have default place on the > local hard disk to store downloaded files", in the maven layout. I know > maven does this, I was just wondering where they did it.
in ~/.maven/repository I have gotten some feedback on this from people who have been using my <dependencies> task for a while. Some people specifically object to this location and wanted to be able to change it. So <dependencies> now (as of 0.4) looks for the system property ant.dependencies.cache and uses that instead if it is defined. > > > > > > 2. Once you have a repository, you need to extract files from it for > > > use in WAR files, etc. Which means > > > (a) a library policy to create a fileset from the collection > > > > > > (b) <lib> in WAR/EAR must flatten filesets during copy. No, you need a flattening mapper - but only if you need to copy the libraries. There may be sound reasons for preserving a hierarchy in a WAR/EAR. For most purposes, <flattenmapper> should suffice. I have defined a <depencies-mapper> which also strips version numbers in case the target has hard-coded its jar dependencies ad doesn't want the names to change with new versions. > > > 3. I'm also still worried about security. There is MD5 checking, but > > > I'd also like a policy that uses the new signature checking code to > > > verify that the libs are signed by people you trust. I know the > > > maven repos are not so signed, but we can start. > > > > +1 to all any any security checks. It probably needs to be repository-dependent. At least that's the way I do it... --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
