Henning Schmiedehausen wrote:
> Noel J. Bergman wrote:
> > We don't have to. We can simply mandate that every ASF project sign
their
> > artifacts and charge the Maven PMC with enforcing it.
> No. The Maven PMC is charged with developing software for the Apache
> Maven project.
You misunderstand. I mean that the Maven code should enforce
authentication, not that the Maven PMC must police the repository.
> If we really want to put a distribution policy in place
> and enforce it, I can see us creating a repository PMC which does this
We already have that as a subgroup of Infrastructure. The
[EMAIL PROTECTED] list has existed for *years*.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
