I was thinking about the fact that we still build Freenet using the tools that were available to us a decade ago, while the Java world has moved on to more sophisticated dependency management tools like Maven.

I recall that the reason for not using Maven is that it doesn't operate over a secure connection, and it leaves us open to the compromise of any of Freenet's dependencies' Maven repositories. This is despite the fact that no such compromise has ever occurred on any project that I'm aware of, and since we don't do code audits of Freenet's current dependencies, our current approach doesn't immunize us against it anyway.

However, one approach that might alleviate this concern is that we run our own Maven repository which will host any dependencies we need, and then configure Maven not to pull from the central Maven repos.

There is the other issue that Maven can be a PITA to use; however, there are similar alternatives: http://www.streamhead.com/maven-alternatives/

Thoughts?

Ian.

-- 
Ian Clarke
Founder, The Freenet Project
Email: [email protected]
_______________________________________________
Devl mailing list
[email protected]
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
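
The self-hosted repository setup proposed in the message above could be expressed in a Maven settings.xml like the following. This is an added example, not part of the original post and not Freenet's configuration; the repository URL and the ids "project-internal" and "locked-down" are placeholders.

```xml
<!-- ~/.m2/settings.xml (added example; URL and ids are placeholders) -->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <mirrors>
    <mirror>
      <id>project-internal</id>
      <name>Project-hosted repository (hypothetical)</name>
      <!-- HTTPS endpoint of the repository the project runs itself -->
      <url>https://repo.example.org/maven2</url>
      <!-- "*" sends every repository request, including those for
           Maven Central, to the mirror above -->
      <mirrorOf>*</mirrorOf>
    </mirror>
  </mirrors>

  <profiles>
    <profile>
      <id>locked-down</id>
      <!-- Redefine "central" so its policies are explicit. The URL is
           never contacted because the mirror intercepts it. -->
      <repositories>
        <repository>
          <id>central</id>
          <url>https://repo.example.org/maven2</url>
          <releases>
            <enabled>true</enabled>
            <!-- fail the build on a checksum mismatch -->
            <checksumPolicy>fail</checksumPolicy>
          </releases>
          <snapshots><enabled>false</enabled></snapshots>
        </repository>
      </repositories>
      <pluginRepositories>
        <pluginRepository>
          <id>central</id>
          <url>https://repo.example.org/maven2</url>
          <releases>
            <enabled>true</enabled>
            <checksumPolicy>fail</checksumPolicy>
          </releases>
          <snapshots><enabled>false</enabled></snapshots>
        </pluginRepository>
      </pluginRepositories>
    </profile>
  </profiles>

  <activeProfiles>
    <activeProfile>locked-down</activeProfile>
  </activeProfiles>
</settings>
```

With this in place an artifact that has not been uploaded to the project-hosted repository fails to resolve instead of being fetched from a public repository. The checksum policy only detects corrupted or mismatched downloads; it does not replace reviewing what is uploaded to the repository.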
