gt;
> >> wrote:
> >> ...
> >
> >> One idea that keeps puzzling in my mind is to reuse central Maven
> >> repository
> >> more than we used to. If I understand correctly while the Maven central
> is
> >> operated by Sonatype, it is just &
28. 9. 2016 v 11:25, Greg Stein <gst...@gmail.com>:
> On Tue, Sep 27, 2016 at 10:13 PM, Jaroslav Tulach <jaroslav.tul...@gmail.com
>> wrote:
>> ...
>
>> One idea that keeps puzzling in my mind is to reuse central Maven
>> repository
>> more tha
On Wed, Sep 28, 2016 at 5:13 AM, Jaroslav Tulach
wrote:
> There are also the [3rd party binaries used during NetBeans build](http://
> hg.netbeans.org/binaries/) - most of them available from Maven central. I
> already [created a
On Wed, Sep 28, 2016 at 12:56 PM, Wade Chandler
wrote:
> ...more later when we get to an incubator...
+1
-Bertrand
-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional
On Sep 28, 2016 5:55 AM, "Sven Reimers" <sven.reim...@gmail.com> wrote:
>
>
> 2. Use Maven repository as storahe backend for the plugin portal, so that
> only the metadata is hosted at the portal not the module binaries..
>
I think the terminology here is key. A &q
Hi,
if I understood Jaroslav correct he is proposing two changes
1. Download 3rd party binaries needed to build NetBeans from a maven
repository (maven central, jcenter or if you behinf corporate firewalls a
synced self hosted repo using nexus or artifactory)
2. Use Maven repository as storahe
On Tue, Sep 27, 2016 at 10:13 PM, Jaroslav Tulach <jaroslav.tul...@gmail.com
> wrote:
>...
> One idea that keeps puzzling in my mind is to reuse central Maven
> repository
> more than we used to. If I understand correctly while the Maven central is
> operated by Sonatyp
he
> > go-ahead for it, otherwise we'll have to find other people willing to
> > host this.
>
> Hi.
> One idea that keeps puzzling in my mind is to reuse central Maven
> repository
> more than we used to. If I understand correctly while the Maven central is
> operated by Sonatype, it
ow to produce Maven artifacts and there is a NetBeans
Maven repository: http://bits.netbeans.org/nexus/content/groups/netbeans/
In addition to that we could modify the http://plugins.netbeans.org to be just
a catalog over bits available in Maven central.
There are also the [3rd party binaries used du
No, Henry, I'm not blocked by it although having another issue, let's talk
about it in another thread. Thanks.
On Wed, Aug 17, 2016 at 2:13 AM, Henry Saputra
wrote:
> Michael,
>
> Both issues are closed. Are you still blocked with the repo for eagle
> creation?
>
> -
Michael,
Both issues are closed. Are you still blocked with the repo for eagle
creation?
- Henry
On Sun, Aug 14, 2016 at 8:27 PM, Michael Wu wrote:
> Got it, John, i'll take notice. Thanks. Sorry for the spam.
>
> On Mon, Aug 15, 2016 at 10:22 AM, John D. Ament
Got it, John, i'll take notice. Thanks. Sorry for the spam.
On Mon, Aug 15, 2016 at 10:22 AM, John D. Ament
wrote:
> Michael,
>
> Your best bet is to ping infra. If email doesn't work, hopping on to
> hipchat with them may work.
> http://www.apache.org/dev/infra-contact
Michael,
Your best bet is to ping infra. If email doesn't work, hopping on to
hipchat with them may work.
http://www.apache.org/dev/infra-contact
John
On Sun, Aug 14, 2016 at 10:15 PM Michael Wu wrote:
> Hi Jake,
>
> Could you please help on this case? There are some
Hi Jake,
Could you please help on this case? There are some required dependencies
blocked. Thanks.
Michael
On Thu, Aug 11, 2016 at 11:20 AM, Michael Wu wrote:
> Hi Jake,
>
> Tickets created:
> https://issues.apache.org/jira/browse/INFRA-12409
>
Hi Jake,
Tickets created:
https://issues.apache.org/jira/browse/INFRA-12409
https://issues.apache.org/jira/browse/INFRA-12410
Thanks for helping it out.
Michael
On Tue, Aug 9, 2016 at 12:00 AM, Jake Farrell wrote:
> Your user will have to get added to nexus, can you
Your user will have to get added to nexus, can you please put in an infra
ticket for this
-Jake
On Sun, Aug 7, 2016 at 11:35 PM, Michael Wu wrote:
> Hi there,
>
> My apache account is "mw".
>
> I was trying to use
>
> $> mvn -Papache-release -DskipTests
Hi there,
My apache account is "mw".
I was trying to use
$> mvn -Papache-release -DskipTests -Dgpg.passphrase=${GPG_PASSPHRASE}
deploy
to upload eagle's jars to https://repository.apache.org/
service/local/staging/deploy/maven2, but it always returned 400 error, as
below fragment:
Thanks for the reply Brian, this is much relief.
However in your initial response your wording clearly indicated the new policy
already being enforced, up to:
[...] your artifacts will end up blocked.
A little less restrictive description could have prevented this
misunderstanding...
I think
Interesting. That's news to me... You have a pointer to more information?
As it turns out, almost all references to external repositories in
poms are junk or turn out to be junk after a bit of time. See here for
some examples:
On 03/23/2010 01:01 AM, Kevan Miller wrote:
On Mar 20, 2010, at 4:45 PM, Brian Fox wrote:
At the Central repository we are restricting the inclusion of external
repositories because this generally creates a mess. This is being
enforced on new artifacts coming in so I would recommend you do
We are having the same problem in Clerezza, one of the dependencies that
isn't in the central repo is sesame 2 [1]. I think we have the following
options:
- not include the sesame backend in the default distribution (users who need
it would have to compile it their selves of download it from
At the Central repository we are restricting the inclusion of external
repositories because this generally creates a mess. This is being
enforced on new artifacts coming in so I would recommend you do not
add them or your artifacts themselves will end up blocked. A better
choice is to encourage
Hi;
Is there any rule/policy for using third-party maven repositories in our
project poms? Recently, we have required to list some repositories in
settings.xml (for example: jboss) to our codebase built correctly. But when
Apache-Hudson runs to built daily, it throws errors because of not finding
I don't know of any apache policy regarding external repositories but i
usual don't recommend placing repositories into the POM at all.
Best practice is to use a repository manager and add the repositories there.
So, i am not sure how Apache Hudson is configured currently, but i would
suggest
anyone wants to
propose
an alternative policy.
See revision 704280.
It is now OK for podlings to deploy approved releases (that satisfy
the labeling and disclaimer requirements) to the central Maven
repository through m2-ibiblio-rsync-repository.
BR,
Jukka Zitting
) to the central Maven
repository through m2-ibiblio-rsync-repository.
BR,
Jukka Zitting
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Thanks,
Jason
Hi,
On Mon, Oct 6, 2008 at 9:45 PM, Jukka Zitting [EMAIL PROTECTED] wrote:
So, unless within a week from now we start seeing constructive efforts
at forming an alternative policy (or clarifying the current
undocumented policy) that we could vote on, I will declare this vote
as passing and
-archives.apache.org/mod_mbox/incubator-general/200809.mbox/[EMAIL
PROTECTED]
Allow extra release distribution channels like the central Maven repository
---
Key: INCUBATOR-82
URL: https
approved releases (that satisfy
the labeling and disclaimer requirements) to the central Maven
repository through m2-ibiblio-rsync-repository.
BR,
Jukka Zitting
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands
releases (that satisfy
the labeling and disclaimer requirements) to the central Maven
repository through m2-ibiblio-rsync-repository.
BR,
Jukka Zitting
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e
Jason van Zyl wrote:
The central repository is the Maven PMC's business. What results will be
public policy but we'd like to avoid the banter of the misinformed so we
can arrive at a decision quickly.
I'd love to avoid the banter of the misinformed too, but that's not the
way Apache projects
The central repository is not an Apache project's resource.
We've always discussed issues of the central repository in private
(except for technical details of syncing other project repositories)
and as far as policy goes it's the Maven PMC that will sets it.
Members can see the list and
Hi,
On Wed, Sep 24, 2008 at 3:40 PM, Jukka Zitting [EMAIL PROTECTED] wrote:
This is a slight majority (of binding votes) for accepting the
proposed change, but given the clear lack of consensus and the
concerns voiced about that, I unfortunately need to conclude that this
issue should be
The central repository is the Maven PMC's business. What results will
be public policy but we'd like to avoid the banter of the misinformed
so we can arrive at a decision quickly.
On 6-Oct-08, at 10:22 AM, Noel J. Bergman wrote:
Jason van Zyl wrote:
The discussions are taking place on
On Tue, Oct 7, 2008 at 11:47 AM, Jason van Zyl [EMAIL PROTECTED] wrote:
The central repository is the Maven PMC's business. What results will be
public policy but we'd like to avoid the banter of the misinformed so we can
arrive at a decision quickly.
Yes, although the PMC is expected to do
CLI tool, produces a Lucene index which Nexus uses
to create a federated searching and retrieval mechanism.
One instance of Nexus can proxy any other Maven repository -- a
repository manager or normal webserver -- and with the presence of the
Nexus index allows federated searching
2008/10/3 Jason van Zyl [EMAIL PROTECTED]:
On 2-Oct-08, at 9:19 PM, Noel J. Bergman wrote:
Emmanuel Lecharny wrote:
Better a bad decision than no decision, otherwise, soon, nobody will
vote anymore...
Not really. Consider that there appears to be a clear consensus that if
Maven were to
The discussions are taking place on the Maven PMC list. If you are a
member you can join the list.
On 4-Oct-08, at 8:31 AM, Gilles Scokart wrote:
2008/10/3 Jason van Zyl [EMAIL PROTECTED]:
On 2-Oct-08, at 9:19 PM, Noel J. Bergman wrote:
Emmanuel Lecharny wrote:
Better a bad decision
On Sat, Oct 4, 2008 at 12:45 AM, William A. Rowe, Jr.
[EMAIL PROTECTED] wrote:
Color me confused again, but during setup and formation of the Incubator,
a podling had to graduate before doing a release. It was rather well
established before this rule was modified, but it seems that this change
On 2-Oct-08, at 9:19 PM, Noel J. Bergman wrote:
Emmanuel Lecharny wrote:
Better a bad decision than no decision, otherwise, soon, nobody will
vote anymore...
Not really. Consider that there appears to be a clear consensus
that if
Maven were to fix the download situation, requiring that
Noel J. Bergman wrote:
William A. Rowe, Jr. wrote:
Jukka Zitting wrote:
Does the ASF endorse these releases, and what does that endorsement mean?
yes...
You are talking about a legal licensing matter, whereas discussion during the
setup and formation of the Incubator was quite
William A. Rowe, Jr. wrote:
Jukka Zitting wrote:
This is a slight majority (of binding votes) for accepting the
proposed change, but given the clear lack of consensus and the
concerns voiced about that, I unfortunately need to conclude that this
issue should be tabled until better
Emmanuel Lecharny wrote:
Better a bad decision than no decision, otherwise, soon, nobody will
vote anymore...
Not really. Consider that there appears to be a clear consensus that if
Maven were to fix the download situation, requiring that users approve the
user of Incubator artifacts, rather
On Thu, Sep 25, 2008 at 5:15 AM, Doug Cutting [EMAIL PROTECTED] wrote:
This is the crux of the issue.
Do releases from the Incubator project differ from those of other projects?
The people who created the Incubator should be able to answer this
question. IMHO (I didn't vote), what we all
Hi,
On Thu, Sep 25, 2008 at 12:58 AM, Niall Pemberton
[EMAIL PROTECTED] wrote:
If this vote doesn't pass then we need to re-write the rules to
define how much of a majority overturns the status quo.
I'm following http://www.apache.org/foundation/voting.html and the
express wish of our PMC
On Fri, Sep 26, 2008 at 5:31 AM, Jukka Zitting [EMAIL PROTECTED]wrote:
Hi,
On Thu, Sep 25, 2008 at 12:58 AM, Niall Pemberton
[EMAIL PROTECTED] wrote:
If this vote doesn't pass then we need to re-write the rules to
define how much of a majority overturns the status quo.
I'm following
Matthieu Riou wrote:
I've also looked at the mentors votes, those who are basically running this
place. I'm a small player but Craig mentors 6 poddlings, Jim, Henning and
Jukka 4 and Doug 3. I'm not saying their votes count more than others, just
that when those people disagree, we should
On Fri, Sep 26, 2008 at 9:55 AM, William A. Rowe, Jr.
[EMAIL PROTECTED]wrote:
Matthieu Riou wrote:
I've also looked at the mentors votes, those who are basically running
this
place. I'm a small player but Craig mentors 6 poddlings, Jim, Henning and
Jukka 4 and Doug 3. I'm not saying
William A. Rowe, Jr. wrote:
David Crossley wrote:
William A. Rowe, Jr. wrote:
[snip]
I liked the way you put the question; it's not up to incubator project to
set the rules for Maven. If the maven PMC decides that these incubator
releases don't belong in the primary repository,
Hi,
On Wed, Sep 24, 2008 at 5:45 AM, William A. Rowe, Jr.
[EMAIL PROTECTED] wrote:
Jukka Zitting wrote:
Please vote on accepting or rejecting this policy change! This
majority vote is open for a week and only votes from the Incubator PMC
members are binding.
Just as a point of reference,
Jukka Zitting wrote:
I extended the vote for another week, which IMHO clearly puts the
endpoint to this morning. As such, I will be closing the vote in a few
hours.
:)
Sounds great
-
To unsubscribe, e-mail: [EMAIL
we have a clearer policy
on what we actually require of incubating releases and their
distribution, it seems premature to debate whether the Maven
repository meets those requirements.
So, before reopening this release distribution issue, I would expect
us to clarify the policy on incubating
and other methodologies helped us validate the legal aspects of
the ASF releases to the point that this is not uncomfortable anymore.
The main impression I got from the related discussion is that the main
concern is not that much the security or transparency of the Maven
repository but rather
Jukka Zitting wrote:
Of which we have two; released, or not released, and that's a product
of oversight and a [VOTE]. There are no magical in-betweens.
As evidenced by this vote this is hardly the consensus. See comments
like incubating releases to be treated as full Apache releases or
a definition of how
short we fell of passing this vote and what the bar is.
Niall
The main impression I got from the related discussion is that the main
concern is not that much the security or transparency of the Maven
repository but rather the status of incubating releases in general
Niall Pemberton wrote:
This is a slight majority (of binding votes) for accepting the
proposed change, but given the clear lack of consensus and the
concerns voiced about that, I unfortunately need to conclude that this
issue should be tabled until better consensus is reached.
If this was
William A. Rowe, Jr. wrote:
Jukka Zitting wrote:
[snip]
Are incubating releases official releases of the ASF?
Yes. Otherwise they must be removed from ASF servers.
There's no middle ground.
[snip]
How strong disclaimers are needed and what level of explicit
acknowledgement
David Crossley wrote:
William A. Rowe, Jr. wrote:
[snip]
I liked the way you put the question; it's not up to incubator project to
set the rules for Maven. If the maven PMC decides that these incubator
releases don't belong in the primary repository, that's their call. But
this vote
On Wed, Sep 24, 2008 at 2:21 PM, William A. Rowe, Jr.
[EMAIL PROTECTED]wrote:
Jukka Zitting wrote:
Of which we have two; released, or not released, and that's a product
of oversight and a [VOTE]. There are no magical in-betweens.
As evidenced by this vote this is hardly the consensus.
the incubating release subsequently is abandoned, blame will be
cast widely, including Apache itself.
Considering that dependencies on incubating releases can be
resolved by explicitly adding an incubating Maven repository into
your settings, I don't think that wide, mirrored, distribution
Jukka Zitting wrote:
[ ] +1 Yes, allow extra release distribution channels like the central
Maven repository
[ ] -1 No, keep the current policy
+1 All releases by ASF PMC's should be equal. If the Incubator PMC
isn't confident of a release then it shouldn't release it. The release
process
On Tue, Sep 23, 2008 at 3:15 PM, Doug Cutting [EMAIL PROTECTED] wrote:
Jukka Zitting wrote:
[ ] +1 Yes, allow extra release distribution channels like the central
Maven repository
[ ] -1 No, keep the current policy
+1 All releases by ASF PMC's should be equal. If the Incubator PMC isn't
the central
Maven repository
[ ] -1 No, keep the current policy
+1 All releases by ASF PMC's should be equal. If the Incubator PMC isn't
confident of a release then it shouldn't release it. The release process
should not just check legal concerns, but also the quality of the code and
its
Jukka Zitting wrote:
Please vote on accepting or rejecting this policy change! This
majority vote is open for a week and only votes from the Incubator PMC
members are binding.
Just as a point of reference, extending a vote for a given period of time
is a good thing to accommodate all input.
adding an incubating Maven repository into your settings, I
don't think that wide, mirrored, distribution is warranted.
Craig
On Sep 9, 2008, at 11:34 PM, Jukka Zitting wrote:
Hi,
We've had a number of long discussions about the incubating projects
using the central Maven repository
Zitting wrote:
I would like to finally resolve the issue one way or another
Until somebody on the other way reopens it in a few months ;-(
[ ] +1 Yes, allow extra release distribution channels like the central
Maven repository
[ ] -1 No, keep the current policy
On Sun, Sep 21, 2008 at 6:13 PM, Roland Weber [EMAIL PROTECTED] wrote:
Users who would care about incubating disclaimers will
find those via Maven too. Users who don't care will ignore
them no matter what you do. You can't force users to care.
Although I agree with your standpoint, your
On Thu, Sep 18, 2008 at 4:57 AM, Noel J. Bergman [EMAIL PROTECTED] wrote:
William A. Rowe, Jr. wrote:
Noel J. Bergman wrote:
The current tally is extremely close (9 +1 vs. 8 -1 binding)
I don't want to close an issue with such a small margin.
I suggest that we should not change policy
not forbid the incubator artefact to be published in the
maven repository. Once an incubating release is done, anyone is free
to redistribute it.
- It bring benefits for the incubating project (more users, more
visibility)
-1 say:
- It allow the user to ignore the disclaimer
to summarize the two positions, see if we could
not reconcile the two positions and found a better consensus.
Here is what the 2 camps say:
+1 : say:
- We can not forbid the incubator artefact to be published in the
maven repository. Once an incubating release is done, anyone is free
the central
Maven repository
[ ] -1 No, keep the current policy
My vote is +1
BR,
Jukka Zitting
+1. While I understand the concern with the need for it to be clear to
users (developers using Maven) that they are using an incubator release, and
not an endorsed-by-Apache release, I believe
On Wed, Sep 17, 2008 at 9:42 PM, William A. Rowe, Jr.
[EMAIL PROTECTED] wrote:
Similarly, the issue of signature validation is a significant flaw which
I also hope maven addresses even more promptly, and which they are aware
of. The alternatives are to take down maven until it is secure, or to
+1 (non-binding)
The current policy is silly.
On Wed, Sep 10, 2008 at 8:34 AM, Jukka Zitting [EMAIL PROTECTED]wrote:
Hi,
We've had a number of long discussions about the incubating projects
using the central Maven repository to distribute their releases. The
current policy
On 18/09/2008, Hiram Chirino [EMAIL PROTECTED] wrote:
On Wed, Sep 17, 2008 at 9:42 PM, William A. Rowe, Jr.
[EMAIL PROTECTED] wrote:
Similarly, the issue of signature validation is a significant flaw which
I also hope maven addresses even more promptly, and which they are aware
of.
On Wednesday 17 September 2008 8:05:40 pm Henning Schmiedehausen wrote:
Thus:
If the central maven repository maintainers (Maven PMC) decide to put
incubator artifacts into their repository without a click through this
is incubator code disclaimer, we'd have no legal reason to say
On Thu, Sep 10, 2008 at 9:34 AM, Jukka Zitting
[EMAIL PROTECTED] wrote:
Hi,
We've had a number of long discussions about the incubating projects
using the central Maven repository to distribute their releases. The
current policy is that incubating releases should not go
a better consensus.
Here is what the 2 camps say:
+1 : say:
- We can not forbid the incubator artefact to be published in the
maven repository. Once an incubating release is done, anyone is free
to redistribute it.
- It bring benefits for the incubating project (more users, more
PROTECTED] wrote:
On Wednesday 17 September 2008 8:05:40 pm Henning Schmiedehausen wrote:
Thus:
If the central maven repository maintainers (Maven PMC) decide to put
incubator artifacts into their repository without a click through this
is incubator code disclaimer, we'd have no legal
it. :-)
Dan
thanks,
dims
On Thu, Sep 18, 2008 at 11:17 AM, Daniel Kulp [EMAIL PROTECTED] wrote:
On Wednesday 17 September 2008 8:05:40 pm Henning Schmiedehausen wrote:
Thus:
If the central maven repository maintainers (Maven PMC) decide to put
incubator artifacts
of crap and overwrite releases and
add snapshots and stuff. Then they wouldn't want it. :-)
Dan
thanks,
dims
On Thu, Sep 18, 2008 at 11:17 AM, Daniel Kulp [EMAIL PROTECTED] wrote:
On Wednesday 17 September 2008 8:05:40 pm Henning Schmiedehausen wrote:
Thus:
If the central maven
On Thu, Sep 18, 2008 at 10:59 AM, sebb [EMAIL PROTECTED] wrote:
On 18/09/2008, Hiram Chirino [EMAIL PROTECTED] wrote:
On Wed, Sep 17, 2008 at 9:42 PM, William A. Rowe, Jr.
[EMAIL PROTECTED] wrote:
Similarly, the issue of signature validation is a significant flaw which
I also hope maven
Hiram Chirino wrote:
So the responsibility is still on us, the upstream distributor, to
verify the the checksums we list in our source distro are correct.
But at least by doing this, down stream users of our source distros
can rest assured that the dependencies that they are using are the
releases and
add snapshots and stuff. Then they wouldn't want it. :-)
Dan
thanks,
dims
On Thu, Sep 18, 2008 at 11:17 AM, Daniel Kulp [EMAIL PROTECTED] wrote:
On Wednesday 17 September 2008 8:05:40 pm Henning Schmiedehausen wrote:
Thus:
If the central maven repository
or by downloading a source release, both of which are
separate from the Maven repository.
Once you've confident that the sources you have are not compromised,
the included checksums will verify that the dependencies that were
downloaded by Maven are also valid (i.e. the same binaries that the
original developer
On 18/09/2008, Hiram Chirino [EMAIL PROTECTED] wrote:
On Thu, Sep 18, 2008 at 10:59 AM, sebb [EMAIL PROTECTED] wrote:
On 18/09/2008, Hiram Chirino [EMAIL PROTECTED] wrote:
On Wed, Sep 17, 2008 at 9:42 PM, William A. Rowe, Jr.
[EMAIL PROTECTED] wrote:
Similarly, the issue of
and which you typically got either by checking it
out of svn or by downloading a source release, both of which are
separate from the Maven repository.
Once you've confident that the sources you have are not compromised,
the included checksums will verify that the dependencies that were
Hi,
On Thu, Sep 18, 2008 at 9:08 PM, sebb [EMAIL PROTECTED] wrote:
The checksums are _not_ downloaded from the Maven repository.
So where are they stored?
For example in our svn or signed source release packages. Along with
the source code.
BR,
Jukka Zitting
On Thu, Sep 18, 2008 at 2:26 PM, William A. Rowe, Jr.
[EMAIL PROTECTED] wrote:
Hiram Chirino wrote:
So the responsibility is still on us, the upstream distributor, to
verify the the checksums we list in our source distro are correct.
But at least by doing this, down stream users of our source
Right.. It's part of the source distro or SVN.
On Thu, Sep 18, 2008 at 3:10 PM, Jukka Zitting [EMAIL PROTECTED] wrote:
Hi,
On Thu, Sep 18, 2008 at 9:08 PM, sebb [EMAIL PROTECTED] wrote:
The checksums are _not_ downloaded from the Maven repository.
So where are they stored?
For example
On Thu, Sep 18, 2008 at 3:07 PM, sebb [EMAIL PROTECTED] wrote:
On 18/09/2008, Hiram Chirino [EMAIL PROTECTED] wrote:
On Thu, Sep 18, 2008 at 10:59 AM, sebb [EMAIL PROTECTED] wrote:
On 18/09/2008, Hiram Chirino [EMAIL PROTECTED] wrote:
On Wed, Sep 17, 2008 at 9:42 PM, William A. Rowe, Jr.
maven repository maintainers (Maven PMC) decide
to put
incubator artifacts into their repository without a click
through
this is incubator code disclaimer, we'd have no legal reason
to say
no. The Apache License allows them to do so.
The Incubator PMC controls the policy on how
Hiram, I wish you would desist already from debating positions that you
can't defend...
Hiram Chirino wrote:
On Thu, Sep 18, 2008 at 3:07 PM, sebb [EMAIL PROTECTED] wrote:
On 18/09/2008, Hiram Chirino [EMAIL PROTECTED] wrote:
So the responsibility is still on us, the upstream distributor, to
0. There were good reasons for both sides.
Regards,
Thomas
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
On 18/09/2008, Hiram Chirino [EMAIL PROTECTED] wrote:
On Thu, Sep 18, 2008 at 2:26 PM, William A. Rowe, Jr.
[EMAIL PROTECTED] wrote:
Hiram Chirino wrote:
So the responsibility is still on us, the upstream distributor, to
verify the the checksums we list in our source distro are
Trust me I'm not trying to be difficult..
On Thu, Sep 18, 2008 at 4:53 PM, William A. Rowe, Jr.
[EMAIL PROTECTED] wrote:
Hiram, I wish you would desist already from debating positions that you
can't defend...
Hiram Chirino wrote:
On Thu, Sep 18, 2008 at 3:07 PM, sebb [EMAIL PROTECTED]
On Thu, Sep 18, 2008 at 4:57 PM, sebb [EMAIL PROTECTED] wrote:
On 18/09/2008, Hiram Chirino [EMAIL PROTECTED] wrote:
On Thu, Sep 18, 2008 at 2:26 PM, William A. Rowe, Jr.
[EMAIL PROTECTED] wrote:
Hiram Chirino wrote:
So the responsibility is still on us, the upstream distributor, to
Hiram Chirino wrote:
Agreed. I never argued against this. But I fail to see the point?
Are you saying initial trust is hard to secure? I totally agree on
that point. You have any solutions?
Yes. You sign your package locally, never on the remote system. The ASF
hardware must never have
Hi,
On Thu, Sep 18, 2008 at 11:41 PM, William A. Rowe, Jr.
[EMAIL PROTECTED] wrote:
Since the hash is not security, it's not terribly important, eh?
Hashes are a perfect tool for verifying message integrity. They won't
prove origin like signatures do, but verifiable integrity is hardly
*not*
2008/9/16 Emmanuel Lecharny [EMAIL PROTECTED]:
The problem with a release injected in maven is that it will be there
forever. If a release has some problems (IP issues, etc), you can't remove
it from maven, as some projects might depend on it, and the users will
immediately carpet bomb the
Hi,
On Wed, Sep 10, 2008 at 8:34 AM, Jukka Zitting [EMAIL PROTECTED] wrote:
Please vote on accepting or rejecting this policy change! This
majority vote is open for a week and only votes from the Incubator PMC
members are binding.
I am extending the vote period for another week as there is
1 - 100 of 326 matches
Mail list logo