On Wed, Sep 17, 2008 at 11:36 AM, Brian E. Fox <[EMAIL PROTECTED]>wrote:
> > >Maven is *too* transparent in what it does: it hides the disclaimer, > >preventing the POLICY of ensuring that users are explicitly aware of > and > >agree to use of Incubator artifacts. > > Maven doesn't *hide* anything, it simply makes requests via http. You > can use your browser to pull stuff from Central, does that mean FF > "hides" things? > Rhetoric. FF doesn't publish the repo. And there's a security model for what is published (plugins) and what is executed (sandboxed JS). > > >If the Maven PMC would get off its collective arse and enforce artifact > >signing, we could put this issue to bed, since users would have to > approve > >the signing keys. > > Seriously, the Maven bashing is getting old. It's open source and I > don't see any patches yet to help out. It's not like we don't do > anything, and as was already pointed out in this thread, work has been > started in several areas to make this happen. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
