Re: Maven 3.4.0 Release

Hi, what is the status on this? Can we expect a release this year? I think the open issues are: is maven-resolver ready to replace aether? AFAIK some dependency management changes have been reverted, are all others indeed bugfixes and safe to keep in this release? Here are the current releas

Re: Taking Security Seriously

Hi The attack scenario that I'm trying to guard against is the following: Stopping an attacker that manages to exploit the our nexus server from being able to run arbitrary code on all the build servers and developer machines in our organization. best regards Alexander Kjäll On 06. des. 201

Re: Taking Security Seriously

What real problem is behind your question? Are you running any tool which has a problem with signatures in Nexus or the development process in your company has a problem? The MD5 is not security nothing but verification of deployed artifact is identical binary you have downloaded from Nexus, and h

Re: [VOTE] Release Apache Maven Resources Plugin version 3.0.2

+1 On 5 December 2016 at 23:20, Christian Schulte wrote: > Hi, > > We solved 3 issues: > projectId=12317827&version=12336059> > > There are still a couple of issues left in JIRA: >

Re: Taking Security Seriously

This is a a good idea, and a hash it would serve roughly as good as specifying the key i think, it would maybe even be better since it's easier to generate a hash. It might be wise to plan for the future, as what ever hash algorithm that is considered best practice today will be broken and use

Re: [VOTE] Release Apache Maven Resources Plugin version 3.0.2

+1 /Anders On Mon, Dec 5, 2016 at 9:23 PM, Robert Scholte wrote: > +1 > > > On Mon, 05 Dec 2016 13:20:25 +0100, Christian Schulte > wrote: > > Hi, >> >> We solved 3 issues: >> > ectId=12317827&version=12336059> >> >> There are still