On 12/07/2008, at 3:11 AM, David Jencks wrote:
On Jul 11, 2008, at 9:42 AM, Brett Porter wrote:
Hi,
I've wanted to pick up my work on this for some time and was
prodded by the [EMAIL PROTECTED] threads to take another crack at
this.
http://docs.codehaus.org/display/MAVEN/Repository+Security (the
issue and related branches are linked)
<nit-pick>
Are the sample settings in the repo sig policy section backwards?
<releases>
<signaturePolicy>ignore</signaturePolicy> <!-- can be fail
(default), warn or ignore -->
</releases>
<snapshots>
<signaturePolicy>warn</signaturePolicy> <!-- can be fail, warn or
ignore (default) -->
</snapshots>
They're just random samples - the defaults are listed on the right. Do
those look right to you?
Thanks,
Brett
</nit-pick>
david jencks
I've created a couple of branches to try integrating the work again
in as simple and non-intrusive manner (both in code and to the
user) as possible. I already have commons-openpgp in the sandbox
from some time ago to deal with processing the signatures (it
doesn't have any external dependencies other than bouncy castle),
so I'll integrate that.
If anyone else wants to offer feedback or dive in, you're more than
welcome!
Cheers,
Brett
--
Brett Porter
[EMAIL PROTECTED]
http://blogs.exist.com/bporter/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Brett Porter
[EMAIL PROTECTED]
http://blogs.exist.com/bporter/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
