Hi Chad,

2008/7/22 Chad La Joie <[EMAIL PROTECTED]>:
> Thanks Brett, this was the info I was looking for.
>
> The repo security work looks like it's a ways out.  Would you be amenable to
> a patch to the DefaultWagonManager that did PGP signature validation?  My
> current thinking would be to base the code on the bouncycastle PGP support
> (so that PGP isn't required to be installed on the system) and offer a set
> of maven config properties for locating the keyring, whether the signature
> is required, etc.  Famous last words, but it doesn't seem like it should be
> too difficult, looking at the existing code.

Actually, this is the approach I already took. If you take a look at
this branch:
http://svn.apache.org/repos/asf/maven/artifact/branches/MNG-2477
it is already implemented.

I'm currently working through the configuration in this branch:
http://svn.apache.org/repos/asf/maven/components/branches/MNG-2477

Are you interested in taking it for a spin? I'm happy to keep
discussing it here, in the JIRA issue, or even better on
[EMAIL PROTECTED]

Thanks,
Brett

>
> Brett Porter wrote:
>>
>> You might be interested in the work linked from this page:
>> http://docs.codehaus.org/display/MAVEN/Repository+Security
>>
>> It would certainly be a useful addition to add a preliminary check
>> mojo to the existing gpg plugin as well.
>>
>> The code you are referring to is the DefaultWagonManager in
>> maven-artifact (maven-artifact-manager in 2.0.x).
>
> --
> SWITCH
> Serving Swiss Universities
> --------------------------
> Chad La Joie, Software Engineer, Net Services
> Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
> phone +41 44 268 15 75, fax +41 44 268 15 68
> [EMAIL PROTECTED], http://www.switch.ch
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>



-- 
Brett Porter
Blog: http://blogs.exist.com/bporter/

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to