Martin Cooper wrote:

> > GUMP builds are deemed non-trusted, since GUMP downloads from
> > non-ASF sites and includes them in builds without any vetting
> > of the third party dependencies.

> True, but it's not clear that everything in the public Maven repo
> should be considered as "vetted" either.

Exactly.  Maven continues to be remiss in delivering on their goal of
ensuring authenticated packages.  I view anyone who uses the public Maven
repository as being foolish; competent Maven users have their own private
repositories.

And, yes, the corollary that GUMP is building from the latest of everything
is another key reason not to use it for nightly builds.

        --- Noel


