Is there a possibility to sign it digitally - as for the linux repositories ?
On Wed, Aug 22, 2012 at 10:12 AM, Fabrizio Giudici < [email protected]> wrote: > On Wed, 22 Aug 2012 09:59:11 +0200, Sander Mak <[email protected]> > wrote: > > For anyone interested in this discussion, I also posted a follow-up on how >> to actually verify Maven dependencies >> http://branchandbound.net/**blog/security/2012/08/verify-** >> dependencies-using-pgp/<http://branchandbound.net/blog/security/2012/08/verify-dependencies-using-pgp/> >> The situation is pretty dire as you can see: none of the Maven based build >> tools integrate this verification into their workflow, so it's all manual >> (or use the commercial Nexus Pro repo manager). >> > > Very valuable stuff, Sander. I think that the scripting solution you > propose could be as well used with a free Nexus installation, by having the > script running against the raw filesystem where Nexus stores stuff, with a > crontab. It's not the best approach, of course, but it's the first > automated solution that comes to my mind and provides actual protection. > > The further step could be to provide those functions in a Maven plugin, so > everybody could at least run some security check on his own local repo. > > > -- > Fabrizio Giudici - Java Architect, Project Manager > Tidalwave s.a.s. - "We make Java work. Everywhere." > [email protected] > http://tidalwave.it - http://fabriziogiudici.it > > > -- > You received this message because you are subscribed to the Google Groups > "Java Posse" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to javaposse+unsubscribe@** > googlegroups.com <javaposse%[email protected]>. > For more options, visit this group at http://groups.google.com/** > group/javaposse?hl=en <http://groups.google.com/group/javaposse?hl=en>. > > -- You received this message because you are subscribed to the Google Groups "Java Posse" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
