On 6/2/08, Noel J. Bergman <[EMAIL PROTECTED]> wrote:
> Robert Burrell Donkin wrote:
>
>> my conclusion was that meta-data signed by [keys in the] WoT would be good
> enough.
>
>> there's no need to distribute a master key
>
> +1
>
>> key management is tricky
>
> Not that tricky. Let's not make as
I don't care about all the transitive deps maven is downloading and
caching in my local repository and I don't expect any maven user to
control the content of its local repository (mine is more than 2 Go
and i've no clue what's inside besides what i directly use). I'm
talking about maven as a buil
Brian E. Fox wrote:
> I think this thread belongs on the Maven lists as it's is only
> tangential to the decision about the incubator repository.
Well, that's not entirely true. It is rather key to a satisfactory
resolution, with the possible exception of some interim measure.
> The process for
William A. Rowe, Jr. wrote:
> Why is it not equally possible to validate against a short list of keys
> (e.g. infra PMC members) and their immediate trust. This is what gpg is
> good at.
First get the code built into Maven for actually checking the signatures and
we're golden, with multiple opt
+1
--kevan
On Jun 2, 2008, at 11:05 AM, Alan D. Cabrera wrote:
Relevant information can be found in:
http://wiki.apache.org/incubator/JSecurityProposal
Regards,
Alan
Robert Burrell Donkin wrote:
> my conclusion was that meta-data signed by [keys in the] WoT would be good
enough.
> there's no need to distribute a master key
+1
> key management is tricky
Not that tricky. Let's not make as if this isn't done routinely elsewhere.
> this is where the complexi
+1
/niklas
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
I think this thread belongs on the Maven lists as it's is only
tangential to the decision about the incubator repository.
The process for getting new features included is to write a proposal and
put it on the wiki [1] and then email the dev list to begin a
discussion. There are some good ideas he
I usually like shorter "code names" for JIRA b/c it is easier to
type. For example, when looking up a specific issue number using
search or including in SVN comments during commit.
+1 for JSEC in JIRA
(although jsecurity makes sense for mailing lists)
On Jun 2, 2008, at 12:29 PM, Les Hazl
On Sat, May 31, 2008 at 8:11 PM, Craig L Russell <[EMAIL PROTECTED]> wrote:
>
> On May 30, 2008, at 10:33 PM, Robert Burrell Donkin wrote:
>
>> On Sat, May 31, 2008 at 3:42 AM, Brett Porter <[EMAIL PROTECTED]>
>> wrote:
>>>
>>> 2008/5/31 Brian E. Fox <[EMAIL PROTECTED]>:
Can you elaborate
On Mon, Jun 2, 2008 at 7:29 PM, William A. Rowe, Jr.
<[EMAIL PROTECTED]> wrote:
> Noel J. Bergman wrote:
>>
>> Gilles Scokart wrote:
>>
>>> Noel J. Bergman:
Implement that, and we're fine. We will
require Incubator artifacts to be signed by a designated key available
>>
>> to
>
Noel J. Bergman wrote:
Gilles Scokart wrote:
Noel J. Bergman:
Implement that, and we're fine. We will
require Incubator artifacts to be signed by a designated key available
to
the PMC, and once a user has acknowledged that they accept such
Incubator
signed artifacts, maven can do what it
Gilles Scokart wrote:
> Noel J. Bergman:
> > Implement that, and we're fine. We will
> > require Incubator artifacts to be signed by a designated key available
to
> > the PMC, and once a user has acknowledged that they accept such
Incubator
> > signed artifacts, maven can do what it wants with th
On Sat, May 31, 2008 at 10:20 PM, Henri Yandell <[EMAIL PROTECTED]> wrote:
> To Robert's comment of:
>
> "it has now been clearly established that we need to move
> therepository. we're now just asking: where?"
>
> I question that. We voted at the last time, and it was very clear
> there was no
Guillaume Nodet wrote:
> Maven is just a tool to build something, it's not used to launch a
> process while downloading the binaries at the same time. At the
> end, people check what ends up in their distribution (be it a war
> or a tar.gz) and at this point, they know that there is an incubator
Les Hazlewood wrote:
I prefer JSEC for Jira just because that is what we use now. It has grown
on me ;)
If any sub projects come , then JSECSUBA, JSECSUBB, JSECSUBC, etc feel a
little more digestible (at least in length) than JSECURITY-SUBA, etc.
Yep. We have the same on Directory : DIRSERV
Why would someone care or even see them ? Are you regularly crawling
the maven repo for new artifacts ?
We don't have to be ashamed if a podling does not graduate, so I don't
think we have to try erasing the memory of this podling.
A non graduated podling could still be revived at a later time or
b
Makes sense to me Les.
Alex
On Mon, Jun 2, 2008 at 12:29 PM, Les Hazlewood <[EMAIL PROTECTED]> wrote:
> I prefer JSEC for Jira just because that is what we use now. It has grown
> on me ;)
>
> If any sub projects come , then JSECSUBA, JSECSUBB, JSECSUBC, etc feel a
> little more digestible (at
I prefer JSEC for Jira just because that is what we use now. It has grown
on me ;)
If any sub projects come , then JSECSUBA, JSECSUBB, JSECSUBC, etc feel a
little more digestible (at least in length) than JSECURITY-SUBA, etc.
Just my .02
On Mon, Jun 2, 2008 at 12:16 PM, Emmanuel Lecharny <[EMAI
On Mon, Jun 2, 2008 at 12:17 PM, Brian E. Fox <[EMAIL PROTECTED]> wrote:
>>Part of the Incubation process is to ensure that there is sufficient
>>community to maintain the code after incubation.
>
>
>>It seems a bad idea to allow artefacts into the main repository where
>>they can become dependenci
>Part of the Incubation process is to ensure that there is sufficient
>community to maintain the code after incubation.
>It seems a bad idea to allow artefacts into the main repository where
>they can become dependencies unless there is some chance that they
>will be maintained.
This is an argum
Les Hazlewood wrote:
Sure, that sounds good to me. I'll update the proposal...
Then maybe JSECURITY for Jira too might be good. Not sure... Depends if
we will have many sub-projects, which might be a good idea, regarding
the various funtionalities.
wdyt ?
--
--
cordialement, regards,
E
On Mon, Jun 2, 2008 at 5:47 PM, sebb <[EMAIL PROTECTED]> wrote:
> On 02/06/2008, Les Hazlewood <[EMAIL PROTECTED]> wrote:
>> That's just the thing though:
>>
>> At the end of the day, the vast majority of TLP end users could care less if
>> the TLP uses an incubator dependency or not, as long as
Sure, that sounds good to me. I'll update the proposal...
On Mon, Jun 2, 2008 at 12:01 PM, Craig L Russell <[EMAIL PROTECTED]>
wrote:
> One more nit comment on the proposal.
>
> The mailing lists proposed are prefixed with jsec, but the project name and
> mailing lists on codehaus.org are "jsecu
One more nit comment on the proposal.
The mailing lists proposed are prefixed with jsec, but the project
name and mailing lists on codehaus.org are "jsecurity".
Shouldn't the aliases in Apache be jsecurity-xxx?
Craig
On May 30, 2008, at 8:45 AM, Alan D. Cabrera wrote:
On May 29, 2008, at
On 02/06/2008, Les Hazlewood <[EMAIL PROTECTED]> wrote:
> That's just the thing though:
>
> At the end of the day, the vast majority of TLP end users could care less if
> the TLP uses an incubator dependency or not, as long as it is Apache 2.0
> compatible and easily available (i.e. in the centr
On Jun 2, 2008, at 8:18 AM, Upayavira wrote:
Please include proposal in this thread so that people don't have to go
externally to see it.
Regards, Upayavira
JSecurityProposal
JSecurity Proposal
Project Name: JSecurity
Introduction
This proposal seeks to create a top-level Apache Softwar
+1
pAUL
On Mon, Jun 2, 2008 at 4:16 PM, Craig L Russell <[EMAIL PROTECTED]> wrote:
> +1
>
> Craig
>
> On Jun 2, 2008, at 8:05 AM, Alan D. Cabrera wrote:
>
>> Relevant information can be found in:
>>
>> http://wiki.apache.org/incubator/JSecurityProposal
>>
>>
>> Regards,
>> Alan
>>
>>
>
> Craig Ru
Please include proposal in this thread so that people don't have to go
externally to see it.
Regards, Upayavira
On Mon, 2008-06-02 at 08:11 -0700, Alan D. Cabrera wrote:
> +1
>
> On Jun 2, 2008, at 8:05 AM, Alan D. Cabrera wrote:
>
> > Relevant information can be found in:
> >
> > http://wiki.a
+1
Craig
On Jun 2, 2008, at 8:05 AM, Alan D. Cabrera wrote:
Relevant information can be found in:
http://wiki.apache.org/incubator/JSecurityProposal
Regards,
Alan
Craig Russell
Architect, Sun Java Enterprise System http://java.sun.com/products/jdo
408 276-5638 mailto:[EMAIL PROTECTED]
P
+1
On Jun 2, 2008, at 8:05 AM, Alan D. Cabrera wrote:
Relevant information can be found in:
http://wiki.apache.org/incubator/JSecurityProposal
Regards,
Alan
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional com
I disagree, the problem is not when using a transitive dependencies.
Maven is just a tool to build something, it's not used to launch a
process while downloading the binaries at the same time. At the end,
people check what ends up in their distribution (be it a war or a
tar.gz) and at this point,
Relevant information can be found in:
http://wiki.apache.org/incubator/JSecurityProposal
Regards,
Alan
That's just the thing though:
At the end of the day, the vast majority of TLP end users could care less if
the TLP uses an incubator dependency or not, as long as it is Apache 2.0
compatible and easily available (i.e. in the central repo). They trust the
TLP to do their due diligence to ensure th
On Mon, Jun 2, 2008 at 10:52 AM, sebb <[EMAIL PROTECTED]> wrote:
> On 02/06/2008, Guillaume Nodet <[EMAIL PROTECTED]> wrote:
>> On Fri, May 30, 2008 at 2:53 PM, Brian E. Fox <[EMAIL PROTECTED]> wrote:
>> >
>>
>> > 1. Incubator releases go into Central
>>
>>
>> +1
>>
>> I think having the "in
On 02/06/2008, Guillaume Nodet <[EMAIL PROTECTED]> wrote:
> On Fri, May 30, 2008 at 2:53 PM, Brian E. Fox <[EMAIL PROTECTED]> wrote:
> >
>
> > 1. Incubator releases go into Central
>
>
> +1
>
> I think having the "incubator" or "incubating" word in the version
> name brings sufficient aware
On Fri, May 30, 2008 at 2:53 PM, Brian E. Fox <[EMAIL PROTECTED]> wrote:
>
> 1. Incubator releases go into Central
+1
I think having the "incubator" or "incubating" word in the version
name brings sufficient awareness to the users.
While ServiceMix was in incubation, we had sometime a hard t
On Fri, May 30, 2008 at 2:53 PM, Brian E. Fox <[EMAIL PROTECTED]> wrote:
>
> 1. Incubator releases go into Central
>
> 2. Regular releases cannot use Incubator artifacts
>
>
>
> Since the whole point of the incubator releases is to get some people to
> use them and prove them out, I say
On May 30, 2008, at 11:38 PM, Matt Hogstrom wrote:
For the most part Geronimo is consumed as a whole and this hasn't
been an issue. For those modules that are re-used there hasn't been
any issues. You need to be aware of that. If they checkout and
build the project locally the artifacts
On May 30, 2008, at 9:59 PM, Matt Hogstrom wrote:
On May 30, 2008, at 8:53 AM, Brian E. Fox wrote:
IMO, things going into the central repository must have their entire
transitive hull available in the central repository. Therefore, we
must
draw one of two conclusions:
1. Incubat
Of course we could do that, and we may have to in order to appease our
community. But we'd prefer not to for simplicity's sake.
On Mon, Jun 2, 2008 at 4:25 AM, Gilles Scokart <[EMAIL PROTECTED]> wrote:
> 2008/5/30 Jeremy Haile <[EMAIL PROTECTED]>:
> > Currently JSecurity has a community, is publ
On 02/06/2008, Henri Yandell <[EMAIL PROTECTED]> wrote:
> On Sun, Jun 1, 2008 at 8:59 AM, Noel J. Bergman <[EMAIL PROTECTED]> wrote:
> > Henri Yandell wrote:
> >
> >> Noel J. Bergman wrote:
> >> > I really do not know why we have to revisit this same topic year after
> > year
> >> > after yea
2008/5/30 Jeremy Haile <[EMAIL PROTECTED]>:
> Currently JSecurity has a community, is published to Maven, and does regular
> releases. If joining the incubator meant that we were no longer approved to
> do releases to our community, that seems like a hindrance to adoption. If
> people can no long
On Tue, Apr 22, 2008 at 5:21 PM, Noel J. Bergman <[EMAIL PROTECTED]> wrote:
> Robert Burrell Donkin wrote:
>
>> i've committed a stripped down template and moved the prose into a
>> guide. this guide is just copy ATM
>
> With all due and sincere respect to Roy, the current IP Clearance form was
> d
44 matches
Mail list logo
