Hi Eirik,

I contact you on behalf of the Apache OFBiz® Project Management Committee. We have decided to use notsoserial to provide security for our users: https://cwiki.apache.org/confluence/display/OFBIZ/The+infamous+Java+serialization+vulnerability

We recently moved from Ant to Gradle. After this discussion http://markmail.org/message/ppxjeagqrwx6tkj3 (you don't need to read it, just a cross reference for us ;)) we thought to ask you if you would mind pushing notsoserial to the jcenter repo?

The reason is it's better for us to have you taking care of that rather than having to create a fork and update on your changes. I guess it would help other projects as well. I know some other Top Level Apache Projects (TLP) are also relying on notsoserial.

I hope it's not too much to ask. I saw that you seem to be on vacation https://twitter.com/eirbjo; we are not in a hurry (the cinnamon roll seems quite weird to me :))

Best regards

Jacques
We did not get an answer yet, but Taher suggested another possibility: gradle-repositories-plugin on GitHub. It's not yet evaluated but could be a workaround; my only concern is stability in time...

Jacques

On 22/08/2016 at 22:09, Jacques Le Roux wrote:
> Hi Eirik,
>
> We have decided to use notsoserial to provide security for our users https://cwiki.apache.org/confluence/display/OFBIZ/The+infamous+Java+serialization+vulnerability
>
> [...]
Hi Jacques,

I would consider this to be the worst case scenario, with no other solutions available. I would much rather pull this library from some remote location. So let's try to find a solution there first, because adding the library this way adds a lot of complexity to the build script, build time, dependencies, etc.

Taher Alkhateeb

On Aug 24, 2016 10:04 AM, "Jacques Le Roux" <[hidden email]> wrote:
> We did not get an answer yet, but Taher suggested another possibility: gradle-repositories-plugin on GitHub. It's not yet evaluated but could be a workaround, my only concern is stability in time...
>
> [...]
I agree with Taher: it is better to push this library yourself (if no support is coming from the original providers) to the external repo and pull from there than to add additional complexities in the build for just one library. The latter will have bigger consequences down the line.

Having pushed the library yourself to the external repo doesn't mean you will be responsible for the maintenance of its code. You just make it available in generally accepted ways, like others have done before you with exotics.

Best regards,

Pierre Smits
ORRTIZ.COM <http://www.orrtiz.com>
OFBiz based solutions & services
OFBiz Extensions Marketplace http://oem.ofbizci.net/oci-2/

On Wed, Aug 24, 2016 at 9:38 AM, Taher Alkhateeb <[hidden email]> wrote:
> Hi Jacques,
>
> I would consider this to be the worst case scenario and no other solutions available. I would much rather pull this library from some remote location. So let's try to find a solution there first because adding the library this way adds a lot of complexity to both the build script, build time, dependencies, etc ...
>
> [...]