On Mon, 2008-10-06 at 10:21 -0400, Noel J. Bergman wrote:
> Henning Schmiedehausen wrote:
>
> > Noel J. Bergman wrote:
> > > We don't have to. We can simply mandate that every ASF project sign
> their
> > > artifacts and charge the Maven PMC with enforcing it.
>
> > No. The Maven PMC is charged with developing software for the Apache
> > Maven project.
>
> You misunderstand. I mean that the Maven code should enforce
> authentication, not that the Maven PMC must police the repository.
Maven is a modular framework. If you want to enforce such policy, it
should be possible to write plugins to do so. All that is needed is
someone to write them or fund writing. The current Maven group seems to
feel that they don't need them or they are not high on the prio list. So
someone else must do it. This is a do-ocracy. :-)
>
> > If we really want to put a distribution policy in place
> > and enforce it, I can see us creating a repository PMC which does this
>
> We already have that as a subgroup of Infrastructure. The
> [EMAIL PROTECTED] list has existed for *years*.
I know. So why are you bashing the Maven PMC when you mean the
"repository management group"?
Ciao
Henning
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
