Kostis Anagnostopoulos wrote:
> Hi,
>
> As some of you may have heard, a new maven-2 repository has been
> installed on java.net. The uploading procedure is manual and a bit
> complicated, but it is indeed possible.
>
> The jars for jaxb-1.x that are uploaded into java.net's
> maven-1(legacy) repository do not contain the proper metadata, so when
> using them, maven2 tries to re-download them on each build, which is
> annoying.
>
> * Can i upload the jaxb-1.x jars into java.net's maven-2 repository ?
Yes, sure.
I should still reiterate my concern, which is the lack of any security
measure. It seems to allow anyone to overwrite these jars, so users
aren't protected from an attacker possibly posting malicious jar files
in place of JAXB jars.
We should think about how to automate this for JAXB 2.0.x, where we
expect more future versions to come...
--
Kohsuke Kawaguchi
Sun Microsystems kohsuke.kawaguchi_at_sun.com