Comments below Brian Topping wrote: > 2) Authenticity of artifacts is validated by control of DNS. The > current method of getting an artifact into the central repository > isn't scalable. If you know someone well enough, they put your code > into the repository. If you don't know someone, your request gets > put on a list of things to do. It's the way it has to work with a > central repo. But if the repo could be found by DNS resolution, > anyone could publish. It's up to the client to decide if a jar with > <groupId>org.viruswriters</groupId> is safe to depend on, and it can > be resolved without burdening central repository maintainers to > decide whether to publish it since the crew at viruswriters.org could > simply add their external repository to DNS. Done.
I don't think I understand the details of what you're proposing here, but it sounds like you're thinking that the "foo" organization would set up maven.foo.org, and that Maven would automatically fall back to checking maven.foo.org if the central repository was down/unavailable, or if the artifact had simply never been deployed to the central repository. Is that what you have in mind? (Reminds me a little bit of WPAD.) If so, I note that there's only a millimeter of difference between that and simply not having a central repository. (This may be good or bad, depending on your point of view.) If Maven is prepared to *automatically* use these group-name-based repositories, it substantially reduces people's incentive to get on to the central repository to begin with. -Dan _______________________________________________________________________ Notice: This email message, together with any attachments, may contain information of BEA Systems, Inc., its subsidiaries and affiliated entities, that may be confidential, proprietary, copyrighted and/or legally privileged, and is intended solely for the use of the individual or entity named in this message. If you are not the intended recipient, and have received this message in error, please immediately return this by email and then delete it. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
