• 0 Posts
  • 3 Comments
Joined 1 year ago
cake
Cake day: October 16th, 2023

help-circle
  • gnl_@alien.topBtoLispIs Leiningen dead?
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Yup, seemed like the most straightforward solution. But other than installing it once and writing a basic ~/.m2/settings.xml to point it to the environment for repo credentials, you should never have to think about it again.

    If all you need from Leiningen is build/install/deploy a library jar, build.simple should have you covered. I’m dogfooding it in my other recent project Playback – so far so good.


  • gnl_@alien.topBtoLispIs Leiningen dead?
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Pretty much everyone has given up on signing at this point, I think?

    I sign all my packages (and also my release commits and tags) – the infrastructure and tools to support easy and thorough artifact verification may not exist at this point, but I’d rather see us collectively push things in that direction than give up on supply chain security altogether.

    Nope. That’s never been true. It’s always been optional.

    Maybe technically optional, but practically not so much – if you wanted to edit any metadata like project description, licenses, etc., you needed a pom.xml template file. The recent :pom-data in 0.9.6 is certainly a step forward.