We have just upgraded to the latest version of Archiva and I have a
couple of security questions.
1. In the previous release we added our archiva repository to our
~/.m2/settings.xml as a mirror.
...
catchy
EBS Maven Repository Manager
http:///archiva/repository/i
On Wed, 2004-09-29 at 18:38, Helck, Christopher wrote:
> Maven makes it very easy to download and use jars off the web. I think
> this is good, but a security expert has raised some concerns about it.
I remind a discussion about that issue either here or on the developer
list. Maybe you find more
> -Original Message-
> From: Helck, Christopher [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 29, 2004 10:09 PM
> To: Maven Users List
> Subject: RE: Security question about remote repositories.
>
> Ok, in no particular order, and most concerns are not n
Original Message-
From: Carlos Sanchez [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 29, 2004 3:34 PM
To: 'Maven Users List'
Subject: RE: Security question about remote repositories.
Also I'd like to hear those concerns.
> -Original Message-
> From:
Also I'd like to hear those concerns.
> -Original Message-
> From: Helck, Christopher [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 29, 2004 8:39 PM
> To: Maven Users List
> Subject: Security question about remote repositories.
>
>
> Maven makes
Christopher [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 29, 2004 8:39 PM
> To: Maven Users List
> Subject: Security question about remote repositories.
>
>
> Maven makes it very easy to download and use jars off the
> web. I think this is good, but a security ex
Maven makes it very easy to download and use jars off the web. I think
this is good, but a security expert has raised some concerns about it.
Can anyone suggest a set of policies to use when determining which
packages to use and how/when to download them? I'm thinking along the
lines of creating a
