I for one am not very impressed by the generic 'corporate' bogeyman. Many people in corporate environments use maven. It's no more or less scary then any other piece of FOSS. At most, it's a highly efficient engine for sucking in FOSS, and as such might be viewed as increasing the risk of a licensing or even a security incident. Yea, someone could sign up on ossrh, create some sort of trojan horse, and hope that, oh, the Iranian nuclear agency incorporated their artifact.
Some companies feel the need to set up a repo and cautiously populate it with vetted items. I can think of one place where they rebuild everything from source before deploying it there. And no I cannot name it. However, these super-careful folks are not anything like the majority. At the risk of attracting a rain of shoes, my view is that a solution for these environments is a great potential product for, ahem, some company working on commercial applications of Maven. 'Cause people with this attitude have money, cause this attitude leads to many expensive procedures. Unless, of course, some of these companies were willing to assign people to make contributions of solutions in this area. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
