Russel Winder-4 wrote:
>
> The implication here is that you run your own repository internally
> behind the corporate firewall. This can then be populated with chosen
> materials that are trusted. This is no different from downloading
> Gradle and trusting it. Or am I missing something?
>
no - i agree. one of the very nice features of gradle is that you can use the lib/ like a repository. this is handy for a single-project-context or a module in an early development-state.

if you have multiple projects that want to share artifacts, which is a common requirement in the enterprise-context, you have to establish a repository-infrastructure. parts of the repository-infrastructure can be made public for usage by customers or communities. a strict policy and a governance model are essential for public repositories.

an enterprise should only use 'trusted' repositories and there must be strict criteria for what 'trusted' is. a term that i first heard from linus torvalds is: 'network of trust'. enterprises that use open-source-software will have to establish that. if you don't trust ibiblio, you cannot trust any open-source that uses ibiblio without checking the security of the resolved artifacts.

security is a subject that is commonly underrated by the community.

have a nice time

--
View this message in context: http://www.nabble.com/error-in-opening-zip-file-tp20380977p20416876.html
Sent from the gradle-user mailing list archive at Nabble.com.
