Dave, Thank you for spending time on this. This still doesn't address the issue you mentioned earlier:
I am concerned that you were downloading from repository.apache.org for > many of the artifacts. This repos is used by apache projects to stage for > release and some organizations do get their IP addresses banned for over > use of it. > I'm still not clear what I should do to "fix" this. **** WRT to your 3 scenarios above for the POM: #1 is rather rare in our case. Someone testing a new staged release to confirm that it works OK for projects that depend on the artifact jars for their code to work, PRIOR to the actual release. #2 is used by our committers that do releases. #3 is the general user case. Here, the artifacts are generally downloaded automatically by the downstream Maven or equivalent build manager. And I would presume they would access Maven Central directly for this. This could be relatively high volume, but MC should be able to handle it. Some external developers may wish to download the zip from http://archive.apache.org/dist/, but I would think that would be rare, as it is much easier to get a zip or fork from Github directly. >From your comments and your links, I don't find any suggestion to change anything. Is that correct? best regards, Lee. On Thu, Oct 10, 2019 at 12:17 PM Dave Fisher <[email protected]> wrote: > Hi Lee, > > I think that the pom needs to address the following three scenarios: > > (1) A DataSketches developer working on the project code and using staged > repositories. > (2) The DataSketches release manager making a staged repository. > (3) A DataSketches user working one building from released packages only. > > In the case of (1) and (2) your pom is likely ok. > In the case of (3) the user should be going for maven central repositories. > > See these pages: > This shows workflows: > https://maven.apache.org/repository/index.html > > This shows profiles which I think you want to use. > https://maven.apache.org/guides/mini/guide-multiple-repositories.html > > These ASF pages: > https://www.apache.org/dev/repository-faq.html#repodotapache > http://www.apache.org/dev/publishing-maven-artifacts.html > http://maven.apache.org/pom/asf/ > > There is a mailing list where you can ask questions: [email protected] > > Regards, > Dave > > > On Oct 7, 2019, at 2:12 PM, leerho <[email protected]> wrote: > > > > On reading your email again, are you saying the opposite of the above. > > I.e., we should be listing POM *dependencies* to Maven Central rather > than > > repository.apache.org? > > > > I'm confused, because the Apache Parent Pom clearly references > > repository.apache.org, > > > > > > > > > > > > On Mon, Oct 7, 2019 at 11:13 AM leerho <[email protected]> wrote: > > > >> Dave, > >> > >> Thank you! We have been looking for a Maven expert, so any help from > you > >> would be greatly appreciated!! > >> > >> So you are saying that it is preferable to point external users to > >> repository.apache.org site rather than search.maven.org ? > >> > >> I thought they were both part of the same big repository, both a part of > >> Apache, and repository.apache.org was just a special interface for > Apache > >> projects. > >> > >> Lee. > >> > >> On Mon, Oct 7, 2019 at 10:32 AM Dave Fisher <[email protected]> > wrote: > >> > >>> Hi - > >>> > >>> Clean out your .m2 folder and run a mvn build. You will see that many > of > >>> the dependencies on other Apache products are downloaded from > >>> repository.apache.org instead of maven central. > >>> > >>> Suppose a user of DataSketches has 10s of developers and a CI that > starts > >>> builds with a clean container. That runs with every checkin. This along > >>> with access to other Apache.org resources may trigger an auto ban. I’ve > >>> seen Apache sysadmins suggest this as a cause for these. > >>> > >>> I’m a bit of a hack with maven. I’ll take a look at the Pom tomorrow to > >>> see if I have a suggestion. > >>> > >>> Regards, > >>> Dave > >>> > >>> Sent from my iPhone > >>> > >>>> On Oct 6, 2019, at 3:40 PM, leerho <[email protected]> wrote: > >>>> > >>>> Hello Dave, > >>>> > >>>> I’m sorry, but your comment makes no sense to me. > >>>> > >>>> Our use of the Nexus repository /staging is precisely to stage the Jar > >>>> Artifacts prior to a release and during the voting process so that > IPMC > >>> and > >>>> PPMC voters can examine the Jar artifacts if they wish. > >>>> > >>>> Once the voting is successful, we transfer the staged artifacts to the > >>>> Nexus release directories using the Nexus release process. > >>>> > >>>> How else are we supposed to get our released jars into Maven Central? > >>>> > >>>> What constitutes “over use” ? > >>>> > >>>> Lee. > >>>> > >>>> > >>>> > >>>>> On Sun, Oct 6, 2019 at 1:54 PM Dave Fisher <[email protected]> wrote: > >>>>> > >>>>> +1 (binding) > >>>>> > >>>>> I checked the same as Furkan. > >>>>> > >>>>> I am concerned that you were downloading from repository.apache.org > >>> for > >>>>> many of the artifacts. This repos is used by apache projects to stage > >>> for > >>>>> release and some organizations do get their IP addresses banned for > >>> over > >>>>> use of it. > >>>>> > >>>>> Regards, > >>>>> Dave > >>>>> > >>>>>> On Oct 5, 2019, at 10:53 AM, Furkan KAMACI <[email protected]> > >>>>> wrote: > >>>>>> > >>>>>> Hi, > >>>>>> > >>>>>> +1 from me. > >>>>>> > >>>>>> I checked: > >>>>>> > >>>>>> - Incubating in name > >>>>>> - DISCLAIMER exists > >>>>>> - LICENSE and NOTICE are fine > >>>>>> - No unexpected binary files > >>>>>> - Checked PGP signatures > >>>>>> - Checked Checksums > >>>>>> - Code compiles and tests successfully run > >>>>>> > >>>>>> I have one objection: > >>>>>> > >>>>>> src/main/javadoc/stylesheet.css file has missing Apache license > >>> header. > >>>>>> > >>>>>> Kind Regards, > >>>>>> Furkan KAMACI > >>>>>> > >>>>>>> On Fri, Oct 4, 2019 at 12:07 AM leerho <[email protected]> wrote: > >>>>>>> > >>>>>>> ### NEW COMPONENT! ### > >>>>>>> > >>>>>>> Hello Apache DataSketches PPMC and Community, > >>>>>>> > >>>>>>> 1. This is a call for vote to release Apache DataSketches-hive > >>> version: > >>>>>>> 1.0.0-incubating-RC1 > >>>>>>> > >>>>>>> NOTE 1: This is the Hive adaptors component of the DataSketches > >>>>> library > >>>>>>> that enables Apache Hive to access the datasketches-java core > >>> library. > >>>>>>> > >>>>>>> 2. Source repository: > >>>>>>> - https://github.com/apache/incubator-datasketches-hive > >>>>>>> > >>>>>>> Git Tag for this release: > >>>>>>> - > >>>>>>> > >>>>>>> > >>>>> > >>> > https://github.com/apache/incubator-datasketches-hive/tree/1.0.0-incubating-RC1 > >>>>>>> on branch 1.0.X-incubating > >>>>>>> > >>>>>>> Git HashId for this release starts with: 5319e72 > >>>>>>> > >>>>>>> 3. The Release Candidate / Zip Repository: > >>>>>>> - > >>>>>>> > >>>>>>> > >>>>> > >>> > https://dist.apache.org/repos/dist/dev/incubator/datasketches/hive/1.0.0-incubating-RC1/ > >>>>>>> > >>>>>>> The public signing key can be found in the KEYS file: > >>>>>>> - > >>> https://dist.apache.org/repos/dist/dev/incubator/datasketches/KEYS > >>>>>>> > >>>>>>> The artifacts have been signed with --keyid-format SHORT : > 8CD4A902 > >>>>>>> > >>>>>>> 4. Repository: Maven Central [Nexus](http://repository.apache.org) > >>> (Jar > >>>>>>> Artifacts): > >>>>>>> - > >>>>>>> > >>>>>>> > >>>>> > >>> > https://repository.apache.org/content/groups/staging/org/apache/datasketches/datasketches-hive/1.0.0-incubating/ > >>>>>>> > >>>>>>> 5. Build & Test Guide: > >>>>>>> - > >>>>>>> > >>>>>>> > >>>>> > >>> > https://github.com/apache/incubator-datasketches-hive/blob/1.0.0-incubating-RC1/README.md > >>>>>>> > >>>>>>> 6. The vote will be performed in two stages: > >>>>>>> - This letter will be published on dev@ and remain open for at > >>> least > >>>>> 72 > >>>>>>> hours and at least 3 (+1) PPMC votes or a majority of (+1) are > >>> acquired. > >>>>>>> All PPMC members including Mentors can vote. However, a negative > vote > >>>>> from > >>>>>>> a Mentor will cancel this voting process. > >>>>>>> > >>>>>>> - After it passes the first stage, the summary of that vote and the > >>>>> key > >>>>>>> information from this letter will be published on general@incubator > >>> and > >>>>>>> remain open for at least 72 hours and at least 3 (+1) IPMC votes > or a > >>>>>>> majority of (+1) are acquired. > >>>>>>> > >>>>>>> Please vote accordingly: > >>>>>>> > >>>>>>> [ ] +1 approve > >>>>>>> [ ] +0 no opinion > >>>>>>> [ ] -1 disapprove with the reason > >>>>>>> > >>>>>>> Thanks, > >>>>>>> Lee Rhodes > >>>>>>> [email protected] > >>>>>>> > >>>>> > >>>>> > >>>>> --------------------------------------------------------------------- > >>>>> To unsubscribe, e-mail: [email protected] > >>>>> For additional commands, e-mail: [email protected] > >>>>> > >>>>> -- > >>>> From my cell phone. > >>> > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: [email protected] > >>> For additional commands, e-mail: [email protected] > >>> > >>> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
