On Jul 11, 2008, at 9:40 AM, Andrus Adamchik wrote:
Hi Jim,
It's no surprise that Maven chomps at the bit quite a bit regarding
ASF policies, but values the "Apache brand" enough to tow the
line.
Did you mean Maven as "Maven repo deployed @Apache" or "Maven the
PMC"? As Noel was talking specifically about the PMC. We can
certainly ban Maven repo use until better security, etc. is
implemented, but I don't think ASF policies apply to the
architecture decisions (good or bad) and development direction of
any given project.
Quite simply, if Maven the PMC (or any PMC) or Maven the repo deployed
at the ASF (or any infra @ASF) is increasing the risks or
exposure of the ASF to security or other related concerns,
then we all should be concerned.
To be more clear: the Maven repo is a *huge* benefit to the
ASF and the entire community. Unless it is done "right", it also has
the potential of exposing the ASF to high risk. That is the
concern that Roy, Noel and Paul appeared to be noting and
one that I am also starting to listen to...
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
