Am 09/29/16 um 19:34 schrieb Christian Schulte: > Am 09/29/16 um 19:13 schrieb Christian Schulte: >> >> I fail to come up with anything more appropriate than DNS TXT records to >> map coordinates/group ids to download locations in combination with >> DNSSEC. It's exactly the model we are heading after. This would make >> signing/hashing superfluous because DNS/DNSSEC would become responsible >> for this. We 'just' need to find a way to ensure that resolving >> artifacts for given coordinates always resolves to the *exact same* >> artifacts. Is the 'recovered artifacts from SCM tags' use case really >> existent? I mean - there is no way to re-release an artifact to central >> using the same coordinates. An artifact at some coordinates is >> considered immutable, isn't it? > > Adding a dependency to something 3rd party is making you *depend* on > that 3rd party. The code produced, the binaries deployed, etc. In a > de-centralized world this just adds a 'the 3rd parties infrastructure' > to this list. Forking means changing the group id decoupling from that > 3rd party. No issue with that. Just mirroring central to somehwere > internal appears incorrect to me.
This also would introduce some kind of 'social fix' because this would force consumers to cooperate with the parties they depend on to avoid forking. Not cooperative, no other way than to fork. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
