Hi Chad,

2008/7/22 Chad La Joie <[EMAIL PROTECTED]>:
> Thanks Brett, this was the info I was looking for.
>
> The repo security work looks like it's a ways out. Would you be amenable to
> a patch to the DefaultWagonManager that did PGP signature validation? My
> current thinking would be to base the code on the bouncycastle PGP support
> (so that PGP isn't required to be installed on the system) and offer a set
> of maven config properties for locating the keyring, whether the signature
> is required, etc. Famous last words, but it doesn't seem like it should be
> too difficult, looking at the existing code.

Actually, this is the approach I already took. If you take a look at this branch:
http://svn.apache.org/repos/asf/maven/artifact/branches/MNG-2477
it is already implemented. I'm currently working through the configuration in this branch:
http://svn.apache.org/repos/asf/maven/components/branches/MNG-2477

Are you interested in taking it for a spin? I'm happy to keep discussing it here, in the JIRA issue, or even better on [EMAIL PROTECTED]

Thanks,
Brett

>
> Brett Porter wrote:
>>
>> You might be interested in the work linked from this page:
>> http://docs.codehaus.org/display/MAVEN/Repository+Security
>>
>> It would certainly be a useful addition to add a preliminary check
>> mojo to the existing gpg plugin as well.
>>
>> The code you are referring to is the DefaultWagonManager in
>> maven-artifact (maven-artifact-manager in 2.0.x).
>
> --
> SWITCH
> Serving Swiss Universities
> --------------------------
> Chad La Joie, Software Engineer, Net Services
> Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
> phone +41 44 268 15 75, fax +41 44 268 15 68
> [EMAIL PROTECTED], http://www.switch.ch
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>

--
Brett Porter
Blog: http://blogs.exist.com/bporter/
