What about having an XML description of the contents of a repository?
Such a description could serve multiple purposes, it could be used to
enumerate known mirrors, it could be used to segment the "namespace" -
say we reach some agreement with Sun and all sun artifacts fall into a
namespace of sun-* and must be redirected to a Sun server, etc. This
XML file could be used by tools that want to provide a list of every
What if every Maven repository knew of every other Maven repository
because they all shared a common resolution.xml file (think /etc/hosts
before the existence of DNS - hackish but it worked).
> -----Original Message-----
> From: Brett Porter [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 05, 2005 6:43 AM
> To: [EMAIL PROTECTED]; Steve Loughran
> Subject: Re: Maven and [EMAIL PROTECTED]
> > I'll be the Ant rep.
> Great, thanks.
> > I am co-author of the (still stabilising) Ant <libraries> task; it'd
> yeah, I've got to 50 mail threads sitting flagged in gmail to
> read one day, as this is about the extent of what I know
> about it :) (after you introduced it to repository@ last year)
> > 1. security. this could be with MD5 checksums, or it could be with
> > signed JARs.
> MD5's aren't going to do much for security - they're mainly
> for download integrity. checking and publishing ASC files is
> a definite want I have, and that can be ramped up to the
> level of security you need (there are obviously varying
> levels of trust of the files and the KEYS themselves).
> > JAR signing needs retrofitting to existing files, but has the
> > advantage that JVMs integrate with it and you can do other tricks
> > (like put http://ibiblio.org.../artifact.jar on the classpath with
> > security turned on)
> That I haven't looked into, but would also be a good, but
> optional feature. I think this is more of a build feature
> than a repository feature? In fact, I'm sure we already do
> this for JNLP.
> > 2. licenses. not just auto-download of .LICENSE files, but ideally
> > some way to do click-through that even Sun are happy with.
> Yeah, there's a low hundreds JIRA entry for that (ie OLD :) I
> think even that wouldn't fly with Sun IIRC but it doesn't hurt to ask.
> Should be easy to add hooks and allow a user to say "never
> ask again for this license" to always accept ASL or
> something, but still report the license on download.
> Good ideas and reminders - keep them coming, and I'll put all
> this together on the wiki tomorrow-ish.