On 4/15/05, Brett Porter [EMAIL PROTECTED] wrote:
On 4/15/05, Steve Loughran [EMAIL PROTECTED] wrote:
Also, and this is just for generic cool demo effects, who can point me
to a good (AWT/swing) app that the repository has?
I'd like to demo the repository as the open source successor
On 4/15/05, Brett Porter [EMAIL PROTECTED] wrote:
-something with a different .md5 checksum than its real checksum.
The repository is scanned every 4 hours and repairs missing/broken
md5s (bearing in mind that we don't consider them as a security
option, but a download integrity check)
On 4/15/05, Henk P. Penning [EMAIL PROTECTED] wrote:
On Fri, 15 Apr 2005, Steve Loughran wrote:
Date: Fri, 15 Apr 2005 13:30:56 +0100
From: Steve Loughran [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Maven2 support
On 4/15/05, Brett Porter [EMAIL PROTECTED] wrote
On Apr 11, 2005 2:02 PM, Brett Porter [EMAIL PROTECTED] wrote:
the smartfrog solution is brute force unforgiving: you must declare
the SHA1 or MD5 value in a download
Right... I'm sure users wanting security will put up with a certain
level of pain. I'm still not sure how you securely
On Apr 11, 2005 2:02 AM, Brett Porter [EMAIL PROTECTED] wrote:
one problem I have for both systems is proxies; at work I cant go to
remote http servers without proxy setup. What does maven do?
wagon has a proxy configuration that it passes on to the JDK stuff as
system properties, or to
On Apr 11, 2005 5:27 PM, Brett Porter [EMAIL PROTECTED] wrote:
Sorry, I meant: http.proxyHost, http.proxyPort and counterparts as
standard names.
- Brett
well, you could do, but you need to work out
1. how to set up the options for every app you start on the command line
2. how to set up
On Apr 9, 2005 2:25 AM, Brett Porter [EMAIL PROTECTED] wrote:
1. I see that a Maven2 alpha is out: is it still using the Maven1
repository structure?
News travels fast... I was going to post about that here this morning :)
planetapache.org knows everything :)
New repository:
On Tue, 15 Mar 2005 09:51:54 -0500, Mark Diggory [EMAIL PROTECTED] wrote:
Russell Gold wrote:
On Thu, 10 Mar 2005 20:11:20 +, Steve Loughran
[EMAIL PROTECTED] wrote:
The disadvantages
-no obvious 'latest version' in the repository
-harder to field support calls, what is the hash
I have been talking with the bouncy castle people; they make some good
suggestions. One problem with even including the public cert of Apache
in the ant and maven distros, is that you have to make sure that that
distro isnt subverted first.
I have also been having longer discussions with a
I'm adding JAR signature verification to the ant repository task. this
is not how we can do security on the main repository, but something
third parties may want. And it starts me off on learning about the
relevant APIs.
Its been mentioned that Apache has a certficiate now. Can somebody
post the
On Thu, 13 Jan 2005 10:51:30 -0500, Tim O'Brien [EMAIL PROTECTED] wrote:
Steve,
Would we be talking about gpg --armor --output
commons-foo-1.2.jar.md5.asc --detach-sig commons-foo-1.2.jar. Or, is
there some other mechanism we would need to go through?
It would be essential for java download
On Wed, 05 Jan 2005 09:39:28 +0100, Nicola Ken Barozzi
[EMAIL PROTECTED] wrote:
2) Henk, myself (Maven PMC), Mark Diggory (if available), representative
from interested Apache projects PMC (most likely someone from Ant) get
together to sort out exactly what we think needs doing (we can use the
12 matches
Mail list logo
