Yes, but Java world has two good things going for it: - Java world learned early on (thanks to Maven) that released artifacts must be immutable. No exceptions! I've been struck with how that lesson is only very slowly filtering into the Docker and npm world, if at all yet. And yes, they have been bitten by it. Both of them. - Maven Central has always insisted on some quite heavy vetting principles. I cannot get permission to publish into a namespace I don't own. In the pursuit of eco-system growth many of those other communities have ignored such principles. (In the Java world: I'm not overly saddened by JFrog's decision to shut down Bintray for this same reason)
/Lars On Thu, Feb 11, 2021 at 9:57 PM John Kostaras <[email protected]> wrote: > > I thought I would share. It doesn't address java, but it could be done in > maven or netbeans repos, too. > https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
