On Wed, Sep 17, 2008 at 9:42 PM, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote: > Similarly, the issue of signature validation is a significant flaw which > I also hope maven addresses even more promptly, and which they are aware > of. The alternatives are to take down maven until it is secure, or to > continue to populate maven with various released artifacts. And this too > isn't germane to the question above, which is;
The signature validation issue has a simple fix which I have already mentioned earlier. I'm not sure why folks continue to think it's still a problem. All the projects need to do is enable a checksum validation plugin, and at least that problem is resolved. -- Regards, Hiram Blog: http://hiramchirino.com Open Source SOA http://open.iona.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
