Same here. Just wondering if it's common practice for close sourced products to remove maven manifest info from jars... something we cannot search in open source codes! :-)
I am hoping to get an authoritative reference that says it's OK to leave it there. On Nov 19, 2013 9:40 AM, "Adam Retter" <adam.ret...@googlemail.com> wrote: > I would be interested to know what your peers perceive the security > concerns as being? > > On 19 November 2013 01:22, Tang Kin Chuen <kct...@big2.net> wrote: > > Hi guys, > > > > Are there any security concerns in leaving the default pom file(s) in > > meta-inf of generated jars for "commercial products"? > > > > I find it useful to leave it there for troubleshooting purpose, thinking > > that there is not much security concerns but my peers are thinking > > otherwise. > > > > I would like to seek some advise/opinions on this topic. > > > > Cheers! > > > > -- > Adam Retter > > skype: adam.retter > tweet: adamretter > http://www.adamretter.org.uk > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org > For additional commands, e-mail: users-h...@maven.apache.org > >
