> Our intention is to specifically use this platform to deliver the Xerces-C++ > 3.1.2 NuGet package that we have put together so that users of DNV GL - > Energy software products can have access to it in a public and easily > accessible repository. We would clearly indicate that the package has been > put together with this specific goal in mind, and it is for this target > audience > that we would, indeed, be maintaining it.
Then I don't think anybody would have any objections (and even if they did, the license permits you to, so apart from courtesy (thanks), there's really nothing stopping you. What I would caution you about is simply the security model around this. If somebody were to ask me to obtain a package like this from a source that I had no reason to trust, I would tell them they were crazy. To draw an analogy, people using Maven Central as a source for artifacts but don't constrain the signers of the software they get from it are, well, let's say "ignorant of basic security practice". Without authentication of the source of an artifact (not just authentication of an artifact, and that assumes you are in fact signing and people are in fact verifying that), you have no way to know what somebody might have done to the source. But none of that really pertains to whether you *may* do this: you certainly may. -- Scott --------------------------------------------------------------------- To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
