You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "raboof (via GitHub)" <gi...@apache.org> on 2023/01/27 09:16:51 UTC

[GitHub] [maven-site] raboof opened a new pull request, #373: Document the 'security model' for Maven

raboof opened a new pull request, #373:
URL: https://github.com/apache/maven-site/pull/373

   To make it easier for users to understand what to expect, and for security researchers to decide where to focus their efforts.
   
   I guess we could add further nuance when describing particular security features (e.g. perhaps we don't have to trust repositories themselves if we closely check the signatures on all downloaded material), but this might be a good starting point for generally setting the right expectations.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-site] michael-o merged pull request #373: Document the 'security model' for Maven

Posted by "michael-o (via GitHub)" <gi...@apache.org>.

michael-o merged PR #373:
URL: https://github.com/apache/maven-site/pull/373


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org