On Wed, Mar 21, 2012 at 4:35 AM, Sascha Scholz <[email protected]> wrote: > Hi, > > On Tue, Mar 20, 2012 at 11:28 PM, Olivier Lamy <[email protected]> wrote: >> BTW do we consider adding a warning in 3.0.5 if id != host and fail in 3.0.6 >> or fail directly in 3.0.5 > > Why not deprecate the id entry then instead of forcing users to set > both to the same value? >
The xml parsing of older maven's isn't flexible enough to allow this. > BTW, I don't see that preemptive authentication makes things worse > regarding security because an attacker could answer with a 401 to get > the credentials even without preemptive authentication. > Correct. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
