Howdy, Just a short status update.
So, Maven bugfix 3.8.6 has all selected issues fixed, add more if you want (remember, only regressions and super-trivial a'la logback): https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20fixVersion%20%3D%203.8.6 Maven 3.9.0 has 2 new tasks added by me (resolver 1.8.0 is one of them) and some are open/in progress: https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20fixVersion%20%3D%203.9.0 Resolver 1.8.0 release seems imminent: https://issues.apache.org/jira/issues/?jql=project%20%3D%20MRESOLVER%20AND%20fixVersion%20%3D%201.8.0 Have fun T On Thu, Apr 7, 2022 at 10:17 AM Tamás Cservenák <ta...@cservenak.net> wrote: > ... to not dissipate and reduce our (effort) losses :) > > Howdy, > > In short, I think we can agree on this sentence: > "we need to get rid of maven 3.8.x as fast as possible, release maven > 3.9.x and once out, keep it on regression fixes until maven 4 is ready". > > # Get rid of Maven 3.8.x > > Hence, I think we MUST do 3.8.6, as there is one regression that it IMHO a > must: > > https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20resolution%20%3D%20Unresolved%20AND%20fixVersion%20%3D%203.8.6%20ORDER%20BY%20priority%20DESC%2C%20updated%20DESC > > There are some other issues "affects 3.8.5" but I don't see them as > blockers (but please argue if you disagree): > > https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20resolution%20%3D%20Unresolved%20AND%20affectedVersion%20%3D%203.8.5%20ORDER%20BY%20priority%20DESC%2C%20updated%20DESC > > Out of them: > > MNG-7432 [REGRESSION] Dependencies from profile not picked up via > -P<profileName> > Must be fixed (PR merge pending) > > MNG-7433 [REGRESSION] Multiple maven instances working on same source tree > can lock each other > Fluke IMHO, but as Dan is an old Maven biker, I think he uses Takari > Lifecycle plus maybe even Takari Local Repo extension, unsure. Definitely > this looks too vague to me, as Guillaume PR for sure cannot deadlock two > JVMs.... (it uses in-JVM locks). > > MNG-7449 [REGRESSION] StringVisitorModelInterpolator NullPointerException > Anyone? Unsure what is happening here, also how are these "new classes in > 3.8.5"? > > MNG-7441 Update Version of Logback to Address CVE-2021-42550 > We should do this, as we plan to keep 3.8.x on the shelf for a while. > Hence, we will get more and more reports like these from end users. Let's > cut it from the root. > > MNG-7438 add execution id to "Configuring mojo xxx with basic > configurator" debug message > IMHO: nope > > MNG-4917 Profile not active even though it has activeByDefault set to true > IMHO: nope -- this issue is 12 years old! > > MNG-7429 The classloader containing build extensions should be used > throughout the build > IMHO nope: (unless regression from some 3.8.x) > > MNG-7448 if we delete bin directory in apache-maven/src, we can not find > because git has ignore it . > IMHO nope: ??? > > MNG-7439 Make fields of CliRequest protected > IMHO nope > > > So, let's agree on what to fix for 3.8.6 and push it out... and once 3.8.6 > out, forget it, no more fixes (unless some really serious regression is > reported, but otherwise nada). > > # Maven 3.9.x > > IMHO, Maven 3.9.0 should wait for resolver 1.8.x (has one remaining PR > ready to merge) as then Maven will get much much more goodness (not only > 1.7.x locking, but also extensible checksums, smart checksums, provided > checksums, DF and BF collector, ability for signature resolution, proper > ignores for artifacts not needed checksums). To make smart checksums usable > for maven, http transport is needed as well (PR as it is no go, it needs to > make Wagon still remain default transport, will fix that). Or, we could > make it as is, and then if anyone has issues or badly wants Wagon, there is > a command line to make it so.... > > So, IMHO, for 3.9.x > > - Port fixes that we decide to be done in 3.8.6 naturally > - Use resolver 1.8.0 (wait for it, one remaining PR merge, released > hopefully very soon) > - Apply https://github.com/apache/maven/pull/635 and decide: keep Wagon > default or not. Also this PR would get rid of shaded stuff as well. > > And that's pretty much it. Keep 3.9.x on regression fixes only (so only if > some serious regression falls in). > > # Maven 4 > > Guillaume already did a huge amount of work that he probably needs help > on, so help him to wrap up things.... > > > > WDYT? > T >
