What about having an XML description of the contents of a repository? Such a description could serve multiple purposes, it could be used to enumerate known mirrors, it could be used to segment the "namespace" - say we reach some agreement with Sun and all sun artifacts fall into a namespace of sun-* and must be redirected to a Sun server, etc. This XML file could be used by tools that want to provide a list of every possible artifact.
What if every Maven repository knew of every other Maven repository because they all shared a common resolution.xml file (think /etc/hosts before the existence of DNS - hackish but it worked). > -----Original Message----- > From: Brett Porter [mailto:[EMAIL PROTECTED] > Sent: Wednesday, January 05, 2005 6:43 AM > To: [EMAIL PROTECTED]; Steve Loughran > Subject: Re: Maven and [EMAIL PROTECTED] > > > I'll be the Ant rep. > > Great, thanks. > > > I am co-author of the (still stabilising) Ant <libraries> task; it'd > > yeah, I've got to 50 mail threads sitting flagged in gmail to > read one day, as this is about the extent of what I know > about it :) (after you introduced it to repository@ last year) > > > 1. security. this could be with MD5 checksums, or it could be with > > signed JARs. > > MD5's aren't going to do much for security - they're mainly > for download integrity. checking and publishing ASC files is > a definite want I have, and that can be ramped up to the > level of security you need (there are obviously varying > levels of trust of the files and the KEYS themselves). > > > JAR signing needs retrofitting to existing files, but has the > > advantage that JVMs integrate with it and you can do other tricks > > (like put http://ibiblio.org.../artifact.jar on the classpath with > > security turned on) > > That I haven't looked into, but would also be a good, but > optional feature. I think this is more of a build feature > than a repository feature? In fact, I'm sure we already do > this for JNLP. > > > 2. licenses. not just auto-download of .LICENSE files, but ideally > > some way to do click-through that even Sun are happy with. > > Yeah, there's a low hundreds JIRA entry for that (ie OLD :) I > think even that wouldn't fly with Sun IIRC but it doesn't hurt to ask. > > Should be easy to add hooks and allow a user to say "never > ask again for this license" to always accept ASL or > something, but still report the license on download. > > Good ideas and reminders - keep them coming, and I'll put all > this together on the wiki tomorrow-ish. > > Thanks, > Brett > >
