On Wed, 05 Jan 2005 09:39:28 +0100, Nicola Ken Barozzi <[EMAIL PROTECTED]> wrote: > 2) Henk, myself (Maven PMC), Mark Diggory (if available), representative > from interested Apache projects PMC (most likely someone from Ant) get > together to sort out exactly what we think needs doing (we can use the > repository list if appropriate)
I'll be the Ant rep. I am co-author of the (still stabilising) Ant <libraries> task; it'd be nice if we can get the immediate improvements into the repository when there is time to get the changes into ant before 1.7 ships (which is not in the immediate future) > 3) suggest small steps to fix each problem rather than coming up with a > killer solution that will never get implemented Agreed. I'm very interested in 1. security. this could be with MD5 checksums, or it could be with signed JARs. JAR signing needs retrofitting to existing files, but has the advantage that JVMs integrate with it and you can do other tricks (like put http://ibiblio.org.../artifact.jar on the classpath with security turned on) 2. licenses. not just auto-download of .LICENSE files, but ideally some way to do click-through that even Sun are happy with. I was discussing the latter informally with someone at Sun recently -how it'd be nice to be able to retrieve files from some Sun server with the appropriate licenses appearing and needing accepting before the jar files are decrypted. This would be similar to the licensing stuff you get in SuSE Linux's package updater, where you have to accept the licenses for some downloads. (2) is clearly more complex, lower priority and really needs active involvement from Sun. -steve
