The issue isn't the build process per say, its the fact that CAS 3.3.5 and earlier were hosted on the Jasig repository. Newer versions are hosted elsewhere (and eventually end up on the central repos). The old Jasig repository was shut down so the CAS 3.3.5 builds have no where to send the data to if they are told to deploy. Reconfiguring the build would have resulted in it being more than just a security fix as well as delayed the patch.
I'll look to see if I can manually upload the jars though. A cursory look doesn't instill much confidence in it working though. Cheers, Scott 2010/8/4 Michael Ströder <[email protected]> > Scott Battaglia wrote: > > The original announcement said due to the new repository switch, we > > can't post those artifacts. > > I'm not familiar with maven and I don't want to just blame the volunteers > doing the work with CAS. But looking at it from an operational point of > view > it's a very unfortunate situation that an important security fix resulting > in > rather minor changes of the code (3.3.5->3.3.5.1) requires a major change > in > the build process. > > After all I'll be able to work around this. But please consider an update > policy within a release series where such an urgent security fix can be > easily > applied by less skilled people by just changing the version numbers in the > pom.xml and then running mvn package. > > Ciao, Michael. > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
