On Monday 21 March 2011 00:32:33 [email protected] wrote: > Addressing security, Maven is a build system, it will not put > anything in your distribution that is not specified by you (even if it > does need to download a whole bunch of files into its repo to do so), so > security should not an issue.
I think toad was originally referring to that maven does not verify the
downloaded archives in any way, so some Mallory could easily cause a Fred
build to be poisoned.
(Other than that I’d really love to see a mavenized version of Fred, I’ve come
to like Maven quite a bit over the last year or two.)
David
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list [email protected] http://freenetproject.org/cgi-bin/mailman/listinfo/devl
