On Tuesday 19 Apr 2011 05:28:59 Ian Clarke wrote: > On Mon, Apr 18, 2011 at 5:01 PM, Ximin Luo <[email protected]> wrote: > > > Also, for the "download everything it needs", how secure is this? Do you > > have > > official documentation that says everything is signed / checksummed? > > > > This is a danger. If someone wants to compromise us, with Maven they just > need to compromise any one of our dependencies. > > We would need to stick to trusted repositories, but switching to Maven would > make development quite a bit easier.
Agreed. If it is secure, it is worth serious consideration.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list [email protected] http://freenetproject.org/cgi-bin/mailman/listinfo/devl
