The previous system was a bit more solid if only because you also saved the hash in the dependency. So after download you could do an automated integrity check.
The Maven groupId:artifactId:version does not guarantee you have the same file. Perhaps groupId:artifactId:version:hash should be used instead? Also, is there some (automatic) check during this transition that verifies the binary JAR from http://hg.netbeans.org/binaries and the replacing one from the Maven repository are actually identical? > the NetBeans build currently downloads bits from its own proprietary binary repository. I wouldn't call this "proprietary". It's basically a lib/ folder stored an a public HTTP server. Perhaps 'non-standard' would be the right word but it's a very simple, open and functional system. --emi On Wed, Dec 7, 2016 at 6:13 PM, Jaroslav Tulach <jaroslav.tul...@oracle.com> wrote: > Hi. > As we previously discussed, the NetBeans build currently downloads bits > from > its own proprietary binary repository. I assume it would be better to > download > them directly from Maven (Central) repository. I am willing to implement > such > system. I've created issue > > https://netbeans.org/bugzilla/show_bug.cgi?id=269264 > > to track progress of my work. Feel free to share comments and observations. > > -jt > >
