FWIW, I'm aware it's easily feasible to add that checksum validation in a plugin, but you'll still have to repeat the coordinates. And that very thing was my point: I don't think having to repeat those coordinates to add metadata is great.
Not even saying this *must* go in modelVersion 5, I just wanted that debate to happen at least for future reference if people wonder why maven pom can't store that dependency metadata (DRY'ly alongside its data, I mean). Cheers 2014-03-25 6:36 GMT+01:00 Dominik Bartholdi <d...@fortysix.ch>: > > For this, there is already an enforcer rule available: > https://github.com/gary-rowe/BitcoinjEnforcerRules > Domi > > On 24.03.2014, at 20:31, Martijn Dashorst <martijn.dasho...@gmail.com> > wrote: > > > On Mon, Mar 24, 2014 at 8:06 PM, Stephen Connolly < > > stephen.alan.conno...@gmail.com> wrote: > > > >> I see the checksums then as being another potential side artifact... No > >> need for modelVersion 5.0.0 > >> > > > > I see it differently: the checksum validates the GAV coordinates. "I mean > > 'com.example.foo:foo:1.0', specifically verify that it matches this > > signature 'sha1:1234567890abcdef'. > > > > For example, this enables me to check if a different version of an > artefact > > was uploaded to the same GAV than I expected (and reportedly the original > > author too). > > > > A plugin right now could capture them and deploy to repo, and you could > >> have same plugin verify the resolved dependencies against the same file. > >> > > > > This assumes the whole chain of parties is to be trusted. That nobody > will > > try to side-load a version from a different repository. > > > > I find the idea of adding a checksum to a dependency interesting. While I > > don't care for the extra fields in the POM, it opens a better venue of > > vetting the dependencies. > > > > Martijn > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > > -- Baptiste <Batmat> MATHUS - http://batmat.net Sauvez un arbre, Mangez un castor !
