Hi Maven developers, doing a large-scale analysis of Maven Central, I've come across a couple of "weird" GAVs like this one: groupId=com.knappsack, artifactId=swagger4spring-web, version=mvn+release:perform [1].
The colon in the version raises the question as to the allowed characters in the different components of a GAV. AFAICT, a colon in the version is at least rejected by the org.eclipse.aether.artifact.DefaultArtifact(String) constructor, so that seems to be illegal, but DefaultModelValidator doesn't complain. Also, querying the index of Central returns an org.apache.maven.index.ArtifactInfo with a version of "mvn+release:perform" just fine. What's the best way to handle this? Should every plug-in that consumes, say, a Maven Index sanitize the results? Or should this be handled upstream in the repository manager? (Note that the POM of [1] has a <version> of "mvn release:perform", but the ArtifactInfo's version is "mvn+release:perform", so some sanitation has already happened somewhere, probably in Nexus.) Best wishes, Andreas [1] <http://search.maven.org/#artifactdetails%7Ccom.knappsack%7Cswagger4spring-web%7Cmvn%2Brelease%3Aperform%7Cjar>
signature.asc
Description: OpenPGP digital signature
