Hello all,

1. I see that a Maven2 alpha is out: is it still using the Maven1 repository structure?

2. I have been busy coding the SmartFrog support for Libraries (http://smartfrog.org), so that you can declare what your classpath is for running things at deploy time:

    commons-logging extends MavenArtifact {
        project "commons-logging";
        version "1.0.4";
        sha1="f4ddb24e07c";
    }

I'm going to allow for both SHA1 and MD5 checking, the idea being that you declare them in the deployment descriptor, which needs to be in a signed JAR before being trusted. So we don't need to worry about security of HTTP repositories, or the .md5 files in the repository - we only need to care about security of deployment descriptors and the private keys used to sign them for any particular infrastructure. I'm also going to be paranoid and recheck the signatures even against files that are cached.

3. One question I have is about our policy for longer project names, "org.apache.something". I have stub code that replaces that with org/apache/something and then looks for the usual org/apache/something/jars/artifact[-version][.extension] afterwards. Is this wise or not?

-steve
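The scheme described in points 2 and 3, as an added Python sketch that is not SmartFrog or Maven code: digests pinned in an already-verified descriptor are checked against both downloaded and cached bytes, and dotted project names are mapped to directories with each path component validated first. The `decl` dictionary layout, the function names and the `download` callback are assumptions made for this example.

```python
import hashlib, hmac, re, tempfile
from pathlib import Path

SAFE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")  # one path component: no slash, no leading dot
ALGOS = ("sha1", "md5")                           # the two digests the post mentions

def repo_path(project, artifact, version=None, ext="jar"):
    """Dots in the project name become directories, then jars/artifact[-version][.ext]."""
    parts = project.split(".")
    for p in parts + [artifact] + [x for x in (version, ext) if x]:
        if not SAFE.fullmatch(p):
            raise ValueError(f"unsafe path component: {p!r}")
    name = artifact + (f"-{version}" if version else "") + (f".{ext}" if ext else "")
    return "/".join(parts + ["jars", name])

def digests_match(data, pinned):
    """True only if every digest pinned in the descriptor matches the bytes."""
    declared = {a: v.lower() for a, v in pinned.items() if a in ALGOS}
    if not declared:
        raise ValueError("descriptor pins no sha1/md5 digest")
    return all(hmac.compare_digest(hashlib.new(a, data).hexdigest(), v)
               for a, v in declared.items())

def resolve(decl, cache_dir, download):
    """Return a verified local file; a cached copy is re-checked on every use."""
    rel = repo_path(decl["project"], decl["artifact"], decl.get("version"))
    local = Path(cache_dir) / rel
    if local.exists() and digests_match(local.read_bytes(), decl["pinned"]):
        return local
    data = download(rel)                      # bytes from the untrusted HTTP repository
    if not digests_match(data, decl["pinned"]):
        local.unlink(missing_ok=True)         # drop a tampered cache entry as well
        raise ValueError(f"digest mismatch for {rel}")
    local.parent.mkdir(parents=True, exist_ok=True)
    local.write_bytes(data)
    return local

if __name__ == "__main__":
    jar = b"constructed stand-in for a jar"   # constructed sample data
    decl = {"project": "org.apache.something", "artifact": "artifact", "version": "1.0",
            "pinned": {"sha1": hashlib.sha1(jar).hexdigest(),
                       "md5": hashlib.md5(jar).hexdigest()}}
    with tempfile.TemporaryDirectory() as cache:
        path = resolve(decl, cache, lambda rel: jar)
        path.write_bytes(b"tampered")         # simulate a modified cache entry
        print(resolve(decl, cache, lambda rel: jar).read_bytes() == jar)
```

Verifying the signature on the JAR that carries the descriptor is assumed to have happened before `resolve` is called; the pinned digests are only as trustworthy as that check.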
