On 08:40 Mon 02 May , Kelly O'Hair wrote: > > There has been a request for essentially that, more transparency on these > sources. > The downloads are also painful, I know. > > The issue with these sources is that they are effectively 'generated > sources', transformed > from master sources maintained elsewhere. Having them in the repository is > too tempting > for many developers, changing them either purposely or by accident. > I need a mechanism that keeps these sources protected from any change except > when being > updated by a new delivery from the jaxp team (or jaxws). >
There already is a mechanism... it's called "don't approve such commits". It's especially a problem when it comes to security fixes and the 'fix' is to change one URL to another. > -kto > -- Andrew :) Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) Support Free Java! Contribute to GNU Classpath and IcedTea http://www.gnu.org/software/classpath http://icedtea.classpath.org PGP Key: F5862A37 (https://keys.indymedia.org/) Fingerprint = EA30 D855 D50F 90CD F54D 0698 0713 C3ED F586 2A37