On Wed, Mar 21, 2012 at 4:35 AM, Sascha Scholz <sascha.sch...@gmail.com> wrote: > Hi, > > On Tue, Mar 20, 2012 at 11:28 PM, Olivier Lamy <ol...@apache.org> wrote: >> BTW do we consider adding a warning in 3.0.5 if id != host and fail in 3.0.6 >> or fail directly in 3.0.5 > > Why not deprecate the id entry then instead of forcing users to set > both to the same value? >
The xml parsing of older maven's isn't flexible enough to allow this. > BTW, I don't see that preemptive authentication makes things worse > regarding security because an attacker could answer with a 401 to get > the credentials even without preemptive authentication. > Correct. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org