Clojars has become a critical part of the clojure ecosystem. As a small sample, it hosts artifacts for:
* Web development - ring, compojure, hoplon, hiccup, enlive, friend, immutant * Tooling - lein templates/plugins, cider-nrepl, clojure-complete, gorilla-repl * Clojurescript - lein-cljsbuild, austin, om, reagent, sente * Misc - Clojurewerkz projects, storm, incanter, clj-time, cheshire, clj-http, * Company projects - pedestal, dommy, schema Vulnerabilities like shellshock and heartbleed always require quick response. An insecure clojars service could lead to compromised systems in multiple companies, potentially any project that used an artifact from it. A similar situation exist for maven central, rubygems, apt, and other repositories. There are other administration tasks such as verifying backups, server updates, better response time to deletion requests, and potentially the need to handle unexpected downtime. Additionally, development time is needed for the releases repo w/ signatures, CDN deployments, additional UI work, and more. Currently clojars is maintained by a collaboration between 3 very spare time people. Vulnerabilities get attention due to the damage potential. However, being a spare time project many of the other tasks languish until required, or wait behind the queue of life's requirements. I'd love to change that. I've been a co-maintainer for clojars for two years. I implemented the https deployment, better search, and download statistics for clojars. I've handled most of the deletion requests over the past year. I've also got work in leiningen including almost everything related to dependency resolution and trees. I want your help. Do you work at a company that runs clojure in production? Does it have a financial interest in a well maintained and secure clojars service? Would it be interested in sponsorships, business features, or another arrangement that produces value? Then I request you email me. I want to create a sustainable path for this critical piece of the clojure ecosystem. Thanks, Nelson Morris -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
