On Monday 21 March 2011 00:32:33 martin at technomation.net wrote:

> Addressing security, Maven is a build system, it will not put
> anything in your distribution that is not specified by you (even if it
> does need to download a whole bunch of files into its repo to do so), so
> security should not be an issue.

I think toad was originally referring to the fact that Maven does not verify the
downloaded archives in any way, so some Mallory could easily cause a Fred
build to be poisoned.

(Other than that I'd really love to see a mavenized version of Fred, I've come
to like Maven quite a bit over the last year or two.)


        David
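
An added illustration, not part of the original message or of Freenet's build: one way to address the concern raised above is to check every jar in the local Maven repository against SHA-256 pins that were reviewed out of band, treating anything missing, altered or unpinned as a build failure. The coordinates, function names and jar contents below are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

def artifact_path(repo: Path, coord: str) -> Path:
    """Map 'group:artifact:version' to the standard Maven repository layout."""
    group, artifact, version = coord.split(":")
    return repo.joinpath(*group.split("."), artifact, version,
                         f"{artifact}-{version}.jar")

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def verify_repo(repo: Path, pins: dict) -> dict:
    """Return {coordinate_or_path: status}; anything but 'ok' must fail the build."""
    report, pinned_paths = {}, set()
    for coord, expected in pins.items():
        jar = artifact_path(repo, coord)
        pinned_paths.add(jar)
        if not jar.is_file():
            report[coord] = "missing"
        elif sha256_of(jar) != expected.lower():
            report[coord] = "mismatch"
        else:
            report[coord] = "ok"
    # Fail closed: a jar nobody pinned is treated as untrusted.
    for jar in repo.rglob("*.jar"):
        if jar not in pinned_paths:
            report[jar.relative_to(repo).as_posix()] = "unpinned"
    return report

def demo() -> dict:
    """Constructed sample: one good, one altered, one absent, one unpinned jar."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        good, bad = b"constructed jar A", b"constructed jar B"
        pins = {"org.example:liba:1.0": hashlib.sha256(good).hexdigest(),
                "org.example:libb:2.1": hashlib.sha256(bad).hexdigest(),
                "org.example:gone:3.0": hashlib.sha256(b"absent").hexdigest()}
        contents = {"org.example:liba:1.0": good,
                    "org.example:libb:2.1": bad + b" (modified in transit)",
                    "org.example:extra:0.1": b"never reviewed"}
        for coord, data in contents.items():
            jar = artifact_path(repo, coord)
            jar.parent.mkdir(parents=True)
            jar.write_bytes(data)
        return verify_repo(repo, pins)

if __name__ == "__main__":
    print(demo())
```

The pins only help if they reach the build machine by a different path than the jars themselves, for example committed to the project's own source tree.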