The two are different things. I agree about the technical problem (and
can add a dozen of other Maven-related things that drive me crazy as a
user). I don't agree that ignoring this problem by the Maven folks
constitutes a violation of some Apache policy. So let's approach it in
an open source way - try to persuade Maven committers to pay attention
and/or contribute the code to fix the problem. I guess that's what we
are doing already in this thread, but I just wanted to steer clear
from the notion that Maven PMC has an obligation to the ASF to fix it.
Andrus
On Jul 11, 2008, at 4:53 PM, Jim Jagielski wrote:
On Jul 11, 2008, at 9:40 AM, Andrus Adamchik wrote:
Hi Jim,
It's no surprise that Maven chomps at the bit quite a bit regarding
ASF policies, but values the "Apache brand" enough to tow the
line.
Did you mean Maven as "Maven repo deployed @Apache" or "Maven the
PMC"? As Noel was talking specifically about the PMC. We can
certainly ban Maven repo use until better security, etc. is
implemented, but I don't think ASF policies apply to the
architecture decisions (good or bad) and development direction of
any given project.
Quite simply, if Maven the PMC (or any PMC) or Maven the repo deployed
at the ASF (or any infra @ASF) is increasing the risks or
exposure of the ASF to security or other related concerns,
then we all should be concerned.
To be more clear: the Maven repo is a *huge* benefit to the
ASF and the entire community. Unless it is done "right", it also has
the potential of exposing the ASF to high risk. That is the
concern that Roy, Noel and Paul appeared to be noting and
one that I am also starting to listen to...
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
