On Friday 16 March 2007 11:37, Noel J. Bergman wrote: > As I read it, Maven will REQUIRE each user to trust each > artifact by approving the signing key.
Can't be serious... Larger integration projects has hundreds if not thousands of artifacts, and often with update cycles of 'daily' if not hourly somewhere in the chain. I assume each signatory is only approved once, but even then we are talking many dozens and with changes down the line all the time. To me this solution sounds stupid, as it doesn't scale. Maven should require that the host trust the signer and the user trust the host. Otherwise, way too much work for the user... /me crawls back under the rock... Cheers Niclas --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]