On Tuesday 19 Apr 2011 05:28:59 Ian Clarke wrote: > On Mon, Apr 18, 2011 at 5:01 PM, Ximin Luo <infinity0 at gmx.com> wrote: > > > Also, for the "download everything it needs", how secure is this? Do you > > have > > official documentation that says everything is signed / checksummed? > > > > This is a danger. If someone wants to compromise us, with Maven they just > need to compromise any one of our dependencies. > > We would need to stick to trusted repositories, but switching to Maven would > make development quite a bit easier.
Agreed. If it is secure, it is worth serious consideration. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20110419/883ea4c5/attachment.pgp>
