On Tue, 26 Oct 2004 16:14:39 -0400, Russell Gold <[EMAIL PROTECTED]>
wrote:
> On Tue, 26 Oct 2004 00:17:06 +0100, Steve Loughran <[EMAIL PROTECTED]>
wrote:
> >
> > I have just committed a repository task. In theory it will support
> > repositories other than maven, but there is only maven support right
> > now.
> >
> > <getlibraries destDir="${lib.dir}">
> > <mavenrepository/>
> > <library archive="commons-logging"
> > project="commons-logging" version="1.0.1"/>
> > </getlibraries>
>
>
> How does this compare with
> <http://www.httpunit.org/doc/dependencies.html>, which has been listed
> on the external tools page for several weeks - a task which, when I
> offered it two months ago, was rejected with the comment that such
> tasks don't belong in ant proper?
>
I like yours better :)
Seriously, I like how you have done the trick of making the dependency
graph a classpath reference that can be used; very slick. I'd thought of
that, but hadnt put any effort in thinking how to do it.
Also <dependencies> is a better (more declarative) name for what you are
doing.
One thing that I think could also be included is the ability for every
library/dependency to (optionally) declare a resource or class that must
exist. That way you don't just download things, you can probe to verify
that the files are vaguely correct.
I must have missed the info on your task; the only one that I knew about
was the Krysalis work, and of course Maven itself. I wrote this up
fairly quickly and stuck it in to provide a focal point for repository
access; this is also why I checked it in before it was working fully.
Now is the time to fix what I have started; we have until Axis1.7 ships
:)
So if you want to merge what I've done with your code, let's go for it.
Same for anyone else who wants to contribute.
I am particularly worried about security, and would really like to have
the maven checksum verification, with jar signature verification
alongside. What we are going to build is effectively very-very-close to
java webstart, and we don't want to expose too many security risks on
developers' systems. As it stands, a DNS subversion of a major ISP would
let you run malicious code on everyone downstream.
-Steve
ps, gmail ads are pointing me at the fact that InstallShield can now run
ant during the install phase. We really are everywhere :)
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
