couple of options I'd like some feedback on, as I start rolling out use of these tasks. I'm thinking of extending ant/build.xml to retrieve libraries, and we can even support fetching of things for end users too.
1. should we adopt a default repository, and if so, what one? the maven one? which is hooked off user.dir?
(doing so will force us to modify Get to copy to a temp file in the same dir and rename on success; there is still the JAR-file-in-use problem under windows, but overall stability is improved)
2. Once you have a repository, you need to extract files from it for use in WAR files, etc. Which means
(a) a library policy to create a fileset from the collection
(b) <lib> in WAR/EAR must flatten filesets during copy. There was a bug about this filed; did we fix it? Without this you cannot handle a fileset of JARs in different directories.
3. I'm also still worried about security. There is MD5 checking, but I'd also like a policy that uses the new signature checking code to verify that the libs are signed by people you trust. I know the maven repos are not so signed, but we can start.
Note that once you start sealing things, java doesnt like loading stuff into the same package. I think you can sign stuff without sealing, but i'll need to check. you couldnt load the ant-optional-package stuff or do junit testing if these jar files were sealed.
-steve
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
