Hey all, This email is about the build issues we've had recently due to duplicate releases of some of our "cuvs" dependencies. If you're unfamiliar with the issue or hazy on the details, I've included a link to an earlier mailing-list thread that summarizes things pretty well. [1]
Previous discussions of the issue have chalked errors in the "validateJarChecksums" task up to Gradle cache that has become "poisoned" with the wrong copy of the jar. And a lot of folks have been able to work around things by deleting their Gradle cache (i.e. rm -rf ~/.gradle/caches) and then re-running. But this doesn't work for everyone. I continue to hit the issue on two separate machines. Anna Rugero and Anshum have also reported seeing the issue. Some sort of fix is still needed here. [2] Could we ask the folks responsible for these cuv libraries to put out a bugfix release so that we can avoid relying on the duplicate-jar? Or if that's not possible, would folks be OK with modifying the "validateJarChecksum" task to skip over any "cuvs"-related jars until a release happens? Not tied to those ideas in particular, just trying to get some ideas out there that we can iterate on. Let's get this fixed, both for our CI jobs and to improve things for the developers impacted! [1] https://lists.apache.org/thread/k0l7hj81zx3tnhn62l30tnlsw6zl79jl [2] Slack discussion and example error message: https://the-asf.slack.com/archives/CEKUCUNE9/p1761911559284769?thread_ts=1761846399.694319&cid=CEKUCUNE9 Best, Jason --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
