> As long as we can pin dependencies with checksums or something to be > sure what jars are used, if nothing else for auditable build purposes, > I'm up for moving. ant does add some complexity because running "ant" > doesn't work without reading the README.building / adding the > dependency-fetching argument.
How about a custom Maven repo with checked/approved dependencies only? Creating a Maven repo is trivial if a Web server is already running; and it can also be done in a GitHub repo - though GitHub certainly wasn't designed for such a use, I know a couple of projects which host their repos this way without problems. Regards, Victor Denisov. _______________________________________________ Devl mailing list [email protected] https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
