I agree that we're not responsible for those artifacts, but as soon as we uploaded an artifact into our repository we are placing some level of responsibility on ourselves. And since we're going to do that, I think it would be best to not break standard Maven concepts like making a pom available for the jar.
JA-SIG is using Nexus OSS for artifacts, uploading a 3rd party artifact with this tool can easily create a placeholder pom. Anyhow, I think if we're going to say it is wrong for us to generate a pom for an artifact in our own 3rd party repository, then it is also equally wrong to have the artifact there in the first place. I happen to not agree that it is wrong, but think that we should go all the way.. I do have a problem with Internet2 and will request they deploy their 1.1b artifact, however I also have a problem with the half-hearted way we've handled it, too. -Jesse On Mon, May 3, 2010 at 3:36 PM, Scott Battaglia <[email protected]> wrote: > We're not responsible for those artifacts. We can't generate poms for > something we don't own (I mean we could but it would be kind of wrong and > misleading). We have the artifact in there because we need it and its not > available in the public repository. > > If you have issues with OpenSAML, and its deployment into the public > repository, you should contact Internet2. > > Cheers, > Scott -- There are 10 types of people in this world, those that can read binary and those that can not. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
