Hi, On Sun, Sep 28, 2008 at 4:19 PM, Davanum Srinivas <[EMAIL PROTECTED]> wrote: > I'll repeat again. The solution currently imposed is not ideal. It's > not working. Problem is there is no other way.
Thanks for the patience! :-) I'm not that interested in the technical issues. I just don't understand why we'd want users of the example project B to go through extra steps when we don't require that of the users of project A. That's a pure policy issue. All the debate about separate repositories and gpg trust chains is just implementation details. I'm trying to understand the need of such a discriminating policy in the first place, not the mechanisms we could use to implement it. > For folks who are bundling, they can somehow embed that gpg key or > some other way, they can signal maven that it's ok to not prompt the > user again as Project B folks already taking responsibility for those > specific dependencies. If that's OK, i.e. that users of project B wouldn't need to go through extra steps to get the incubating dependencies, then what's the point of having a policy whose main purpose is to make those users go through the extra steps? BR, Jukka Zitting --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
