On 03/10/2008, Brian E. Fox <[EMAIL PROTECTED]> wrote:

> > We don't have to. We can simply mandate that every ASF project sign
> > their artifacts and charge the Maven PMC with enforcing it.
>
> And are you going to lobby FireFox and Microsoft to enforce in their
> browsers?

Microsoft already *does* check signatures for ActiveX addons.

> Seriously why is this Maven's problem simply because it
> downloads it when you can't enforce this in any other method that people
> download it?

There is a big difference between using a browser to download a specific file chosen by the user and Maven downloading some file automatically.

> > On the other hand, imagine the fun when
> > someone puts a nice bit of malware into the security-free zone known as
> > the Maven repository.
>
> Security Free?