I'm not sure why you keep bringing up corporate repositories. First, if your company's development standards don't discourage the practice of creating artifacts with hijacked GAVs, you should probably update your standards. Naivete is no excuse either- your developers should be aware of what they are publishing to your company's repository and shouldn't publish non-official versions of official artifacts. If they do this, they should lose their right to upload artifacts.
Second, I really don't see how this is the responsibility of the Android team. I could just as easily create my own version of JUnit and upload that to a corporate or personal repository using the official JUnit's GAV. I could even do it transitively like you describe for HE. It might be a valid issue to bring up, but this is certainly not the place to do it. I do thank you for raising the issue on HE's GitHub project though, because I agree it is poor practice. On Thursday, August 7, 2014 10:46:09 PM UTC-5, William Ferguson wrote: > > Jake, what you are not hearing is that the non-official artefacts are able > to enter a dependency stream through other means not visible to the > developer. This is true for Ant, Gradle and Maven users. > > Do *you* have the official Android support artefacts in your corporate > repository? > Are you sure? > Did you personally check? For each and every version version of each > artefact? > > > > On Fri, Aug 8, 2014 at 1:40 PM, Jake Wharton <[email protected] > <javascript:>> wrote: > >> You were complaining about non-standard artifacts. It solves it by always >> using official artifacts. >> >> I don't care that there's slightly higher overhead for Maven users (which >> the continued fact that it's wholly unsupported falls on your deaf ears). >> That's the price you pay for doing the right thing. >> >> >> On Thu, Aug 7, 2014 at 6:52 PM, William Ferguson < >> [email protected] <javascript:>> wrote: >> >>> On Fri, Aug 8, 2014 at 10:43 AM, Jake Wharton <[email protected] >>> <javascript:>> wrote: >>> >>>> Your problem is one for the Maven community. >>>> >>>> Get them to fix it by delegating to the SDK for the API jar and the two >>>> embedded m2 repos. ~50 line change in the plugin, problem completely >>>> solved. >>>> >>>> >>> This does *NOT* solve the issue. This does not even reference the >>> issue. >>> >>> I can't believe believe that someone like yourself can pretend to be so >>> wilfully ignorant of the impact of the spread of GAV equivalent artifacts >>> that have a higher visibility that those produced by the Android team. >>> >>> William >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "adt-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected] <javascript:>. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "adt-dev" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/adt-dev/2hPuSUYttbg/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected] <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "adt-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
