On 4/15/05, Henk P. Penning <[EMAIL PROTECTED]> wrote:
> On Fri, 15 Apr 2005, Steve Loughran wrote:
> > Date: Fri, 15 Apr 2005 13:30:56 +0100
> > From: Steve Loughran <[EMAIL PROTECTED]>
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: Maven2 support
> > On 4/15/05, Brett Porter <[EMAIL PROTECTED]> wrote:
> > > > -something with a different .md5 checksum than its real checksum.
> > >
> > > The repository is scanned every 4 hours and repairs missing/broken
> > > md5s (bearing in mind that we don't consider them as a security
> > > option, but a download integrity check)
> > OK, no problem. I'm not actually testing those MD5s, and I have my own
> > tests with different SHA1 and MD5 signatures from what is expected.
> I'm wondering if uploading pgp signatures is still somewhere
> on the agenda. They are important for integrity checks of
> the repository.
> I try to follow your exchanges but I'm afraid it's all
> abacadabra to me.
I'll point you to the code then
the work is done in the library component
and the artifacts themselves
with the various policy classes providing rules about local and remote layout
local: maven1, maven2, flat
remote: maven1, maven2
you can declare a maven2 remote layout and a flat local, maven1 remote
and maven2 local, etc, etc.
A weakness in this design is that the artifacts know about the
transport, and uses URL-derived download; I think a transporter
interface/class would best handle transportation., so we could plug in
multicast sharing etc.
I think i am about to refactor the ant stuff to have a smilarish
design of policy components and a transport,. right now everything is
intermixed into a single repository class.