We did not get an answer yet, but Taher suggested another possibility: gradle-repositories-plugin on GitHub. It's not yet evaluated but could be a
workaround, my only concern is stability in time...
Jacques
Le 22/08/2016 à 22:09, Jacques Le Roux a écrit :
Hi Eirik,
We have decided to use notsoserial to provide security for our users
https://cwiki.apache.org/confluence/display/OFBIZ/The+infamous+Java+serialization+vulnerability
We recently moved from Ant to Gradle. After this discussion http://markmail.org/message/ppxjeagqrwx6tkj3 (you don't need to read it, just a cross
reference for us ;)) we thought to ask you if you would mind pushing notsoserial to jcenter repo?
The reason is it's better for us to have you taking care of that rather than having to create a fork and update on your changes. I guess it would
help other projects as well. I know some other Top Level Apache Projects (TLP) are also relying on notsoserial.
I hope it's not too much to ask. I saw that you seems to be in vacation https://twitter.com/eirbjo we are not in a hurry (the cinnamon roll seems
quite weird to me :))
Best regards
Jacques
