date:20230519

Hi,

The page on https://maven.apache.org/resolver/maven-3.8.x.html states
that *"Since
version 1.7.0, Maven Resolver requires Java 8 to run and a brand new
default sync context factory has been implemented."*.

Assuming for a moment that Java 8+ is a no-brainer, what does the second
part of that sentence mean? If a plugin would require Java 8+ anyway (or
even Java 11+), would it be possible for a plugin to move past 1.6.x and
still be compatible with Maven 3.8.x or would using any version past 1.6.3
(we are on 1.9.x now) not work with Maven 3.8?

I have a plugin that has resolver api in "provided" scope so it will be
whatever maven will inject into the plugin and the implementation itself is
in compile scope (so it will be bundled with the plugin).

Any pointer appreciated.

-h

Re: maven 3.9.x warnings

Thank you for speaking up. I would encourage others that feel the same way
to speak up as well. I do not believe that the "we ram this through and
hope that at some point all plugins are updated so the warnings die down"
is a viable approach.

This is what I wrote on the PR ("you/your" is @tamas here): *"I very much
disagree with your "my way or the highway" approach. There is a lot of
criticism with the approach to "the purpose". Of course, you can just ram
your approach through and hope for the best. It will not work, as the
changes will break older builds that people do not update and you cause
continuing pain for developers. People will be stuck on 3.9 forever because
"it is the last version that supports that unmaintained foo plugin that I
need for my build and can not move off" and grind their teeth. The answer
will be "we move off maven", not "we fix that plugin"."*

Not going where the users are or actively snubbing your users is a good way
to lose users. 3.9.x so far is a case study on focusing on the maven
developers own needs and snubbing the maven users.

-h


On Fri, May 19, 2023 at 12:33 PM Romain Manni-Bucau 
wrote:

> +1 to make NONE the default, know it defeats the purpose but this feature
> makes end user builds nasty whereas it should help them.
>
> I would also be +1 to make it a help:check-state goal rather than having it
> in maven core where it is quite pointless IMHO as explained in earlier
> threads.
>
> Le ven. 19 mai 2023 à 21:17, Henning Schmiedehausen <
> henn...@schmiedehausen.org> a écrit :
>
> > Hi Gary,
> >
> > Seems we both work in similar places. :-) Looking at
> >
> >
> https://github.com/apache/maven/commit/11d97e64e7e3fbed23d8e98abdd8c015a957ee82
> > ,
> > it seems that 3.9.3 (whenever that comes) will improve things; the
> default
> > logging is still not great but at least I can add
> > `NONE` to all my
> > projects get back to the pre-3.9.x state. @michaelo might like that as
> > well.
> >
> > @tamas I would have preferred if we did not add a "NONE" setting but made
> > the "DEFAULT" value having no logging and replaced what is "DEFAULT" in
> > 3.9.2 with "SUMMARY" or "NORMAL" or something else. That way, the default
> > state would be the same as it was with maven 3.8.x (which is IMHO the
> right
> > thing to call "default") and everyone who wants to actually log warnings
> > can turn it on.
> >
> > Adding the property above to my poms is a stop-gap, as it emits a warning
> > on pre-3.9.3 maven versions, something that I can not fix because older
> > versions of the build tool are "out there". I could put the property
> under
> > a profile but at that point it feels like fighting the tool.
> >
> > -h
> >
> > (pro-tip: Never call the value for a default setting "default". "default"
> > is a state, not a value. If you want to change the "default" state, you
> are
> > now stuck with a value called "default")
> >
> >
> >
> > On Fri, May 19, 2023 at 11:47 AM Gary Gregory 
> > wrote:
> >
> > > From this user's POV, I feel these warning force me to spin my wheels:
> > If I
> > > have old plugins I can update their versions, and then I still get the
> > > warnings, none of which I can do anything about. I can do something
> about
> > > compiler warnings, I can do nothing about these.
> > >
> > > I am left to explain up and down the food chain with hand handwaving
> why
> > > these warnings are "ok" :-(
> > >
> > > Gary
> > >
> > >
> > > On Fri, May 19, 2023, 14:15 Henning Schmiedehausen <
> > > henn...@schmiedehausen.org> wrote:
> > >
> > > > Hi Tamas,
> > > >
> > > > Thanks for the quick response.
> > > >
> > > > On Fri, May 19, 2023 at 2:35 AM Tamás Cservenák  >
> > > > wrote:
> > > >
> > > > > Howdy,
> > > > >
> > > > > So, have a small local change, probably to go with 3.9.3.
> > > > >
> > > >
> > > > [...]
> > > >
> > > >
> > > > > [WARNING]  * org.basepom.maven:inline-maven-plugin:1.0.1
> > > > > [WARNING]   Declared at location(s):
> > > > > [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @
> > > line
> > > > > 145
> > > > > [WARNING]   Used in module(s):
> > > > > [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> > > > > [WARNING]   Plugin issue(s):
> > > > > [WARNING]* Plugin descriptor should not contain these Maven
> > > > artifacts:
> > > > > [org.apache.maven:maven-artifact:3.8.4,
> > > > > org.apache.maven:maven-settings-builder:3.8.4,
> > > > > org.apache.maven:maven-repository-metadata:3.8.4,
> > > > > org.apache.maven:maven-builder-support:3.8.4,
> > > > > org.apache.maven:maven-core:3.8.4,
> > > > > org.apache.maven:maven-resolver-provider:3.8.4,
> > > > > org.apache.maven:maven-settings:3.8.4,
> > > > > org.apache.maven:maven-plugin-api:3.8.4,
> > > > > org.apache.maven:maven-model-builder:3.8.4,
> > > > > org.apache.maven:maven-model:3.8.4]
> > > > >
> > > >
> > > > This has *zero* meaning to the person running the build. And it still
> > > does
> > > > not help the plugin author either. Because they (I) used the

Re: Unreliable TCP and retries for maven publish


Am 2023-05-19 um 23:27 schrieb Finkelman, Jacob:

During a maven publish if the server closes the TCP connection after the upload 
of an asset sometimes the publish will fail with a failed to respond while 
attempting to upload the checksum.


Speaking of checksum, here is your concrete problem: 
https://issues.apache.org/jira/browse/WAGON-572


I guess it would solve your issue.


-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org

Unreliable TCP and retries for maven publish

2023-05-19 Thread Finkelman, Jacob

During a maven publish if the server closes the TCP connection after the upload
of an asset sometimes the publish will fail with a failed to respond while
attempting to upload the checksum. The correct behavior to wanting to send more
HTTP requests on a closed TCP connection, is to open a new TCP connection. If
the client and server have a low latency connection, say in the same data
center, when the connection is closed a new one appears to reliably be opened.
During higher latency scenarios, in our case when the client and server are on
different continents, maven attempts to reuse the connection that the server
has already closed receiving a failed to respond error about half the time. On
even slower connections we get a Connection or outbound has closed error.

Unfortunately, this connection does not get retried. It immediately fails to
build no matter how many retries are configured. I believe this is the known
https://issues.apache.org/jira/browse/MDEPLOY-162 If these requests were
retried on this error, I suspect the entire situation would not have been a
problem. The lack of retries go through different code paths depending on the
transport implementation.

The wagon transport fails with
org.apache.maven.wagon.providers.http.httpclient.client.NonRepeatableRequestException:
Cannot retry request with a non-repeatable request entity. Fixing the wagon
transport requires changes in maven-wagon and in maven-resolver. In particular
the WagonHttpEntity needs to use a stream supplier in order to be retryable. My
colleague sketched out these changes a year ago. See
https://github.com/mmarston/maven-wagon/commit/4419140ff7794a548f3f9cb9e320fcd20420b5e0
and
https://github.com/mmarston/maven-resolver/commit/cf00080ac546bda588bd86a44f93c037f7638145

The native transport does not have this limitation because when uploading
checksums it uses a PutTaskEntity that is retryable because the PutTask that it
wraps around is essentially a stream supplier.
Here.
For the native transport my colleagues think the issue is that it only
supports retry when the client detects the closed connection before or while
sending the request. But if the client sends the request and then detects the
closed connection while trying to read the response, then it won't retry. In
particular the native transport uses DefaultHttpRequestRetryHandler with
requestSentRetryEnabled set to false (see
here).
One way to fix the native transport is to change requestSentRetryEnabled to
true when constructing DefaultHttpRequestRetryHandler. Another option is to use
StandardHttpRequestRetryHandler instead because it treats PUT requests as
idempotent so will retry a PUT request even when requestSentRetryEnabled is
false.

Oddly, if only one checksum algorithm is selected by using
-Daether.checksums.algorithms=MD5 then the entire build fails on this error but
if two or more algorithms are selected -Daether.checksums.algorithms=MD5,SHA-1
each checksum throws a warning but the overall build succeeds. It seems odd
that the behavior is inconsistent here. I would expect it either to always
throw a warning if a requested checksum failed upload, or to always fail the
build if any checksum failed upload. The behavior with multiple checksums
requested makes it clear that this failed to respond error can be caught by mvn.

Using -Daether.connector.http.reuseConnections=false makes this error go away,
because maven never tries sending data over an existing TCP connection.

I am new to the maven dev community and was not sure what the best practice was
for reporting these kinds of issues. Starting a conversation on the mailing
list seems like a good place to start. What should happen next? Which of these
issues deserve tickets? What more information should I provide and where? What
PRs would be appreciated to help fix the issues?

A stack trace from running "mvn deploy" with Apache Maven 3.9.2
(c9616018c7a021c1c39be70fb2843d6f5f9b8a1c)

org.apache.http.NoHttpResponseException: ...:443 failed to respond
at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead
(DefaultHttpResponseParser.java:141)
at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead
(DefaultHttpResponseParser.java:56)
at org.apache.http.impl.io.AbstractMessageParser.parse
(AbstractMessageParser.java:259)
at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader
(DefaultBHttpClientConnection.java:163)
at org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader
(CPoolProxy.java:157)
at

Re: maven 3.9.x warnings

2023-05-19 Thread Romain Manni-Bucau

+1 to make NONE the default, know it defeats the purpose but this feature
makes end user builds nasty whereas it should help them.

I would also be +1 to make it a help:check-state goal rather than having it
in maven core where it is quite pointless IMHO as explained in earlier
threads.

Le ven. 19 mai 2023 à 21:17, Henning Schmiedehausen <
henn...@schmiedehausen.org> a écrit :

> Hi Gary,
>
> Seems we both work in similar places. :-) Looking at
>
> https://github.com/apache/maven/commit/11d97e64e7e3fbed23d8e98abdd8c015a957ee82
> ,
> it seems that 3.9.3 (whenever that comes) will improve things; the default
> logging is still not great but at least I can add
> `NONE` to all my
> projects get back to the pre-3.9.x state. @michaelo might like that as
> well.
>
> @tamas I would have preferred if we did not add a "NONE" setting but made
> the "DEFAULT" value having no logging and replaced what is "DEFAULT" in
> 3.9.2 with "SUMMARY" or "NORMAL" or something else. That way, the default
> state would be the same as it was with maven 3.8.x (which is IMHO the right
> thing to call "default") and everyone who wants to actually log warnings
> can turn it on.
>
> Adding the property above to my poms is a stop-gap, as it emits a warning
> on pre-3.9.3 maven versions, something that I can not fix because older
> versions of the build tool are "out there". I could put the property under
> a profile but at that point it feels like fighting the tool.
>
> -h
>
> (pro-tip: Never call the value for a default setting "default". "default"
> is a state, not a value. If you want to change the "default" state, you are
> now stuck with a value called "default")
>
>
>
> On Fri, May 19, 2023 at 11:47 AM Gary Gregory 
> wrote:
>
> > From this user's POV, I feel these warning force me to spin my wheels:
> If I
> > have old plugins I can update their versions, and then I still get the
> > warnings, none of which I can do anything about. I can do something about
> > compiler warnings, I can do nothing about these.
> >
> > I am left to explain up and down the food chain with hand handwaving why
> > these warnings are "ok" :-(
> >
> > Gary
> >
> >
> > On Fri, May 19, 2023, 14:15 Henning Schmiedehausen <
> > henn...@schmiedehausen.org> wrote:
> >
> > > Hi Tamas,
> > >
> > > Thanks for the quick response.
> > >
> > > On Fri, May 19, 2023 at 2:35 AM Tamás Cservenák 
> > > wrote:
> > >
> > > > Howdy,
> > > >
> > > > So, have a small local change, probably to go with 3.9.3.
> > > >
> > >
> > > [...]
> > >
> > >
> > > > [WARNING]  * org.basepom.maven:inline-maven-plugin:1.0.1
> > > > [WARNING]   Declared at location(s):
> > > > [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @
> > line
> > > > 145
> > > > [WARNING]   Used in module(s):
> > > > [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> > > > [WARNING]   Plugin issue(s):
> > > > [WARNING]* Plugin descriptor should not contain these Maven
> > > artifacts:
> > > > [org.apache.maven:maven-artifact:3.8.4,
> > > > org.apache.maven:maven-settings-builder:3.8.4,
> > > > org.apache.maven:maven-repository-metadata:3.8.4,
> > > > org.apache.maven:maven-builder-support:3.8.4,
> > > > org.apache.maven:maven-core:3.8.4,
> > > > org.apache.maven:maven-resolver-provider:3.8.4,
> > > > org.apache.maven:maven-settings:3.8.4,
> > > > org.apache.maven:maven-plugin-api:3.8.4,
> > > > org.apache.maven:maven-model-builder:3.8.4,
> > > > org.apache.maven:maven-model:3.8.4]
> > > >
> > >
> > > This has *zero* meaning to the person running the build. And it still
> > does
> > > not help the plugin author either. Because they (I) used the maven tool
> > > chain that was current at the point in time the plugin was created.
> There
> > > is still no actionable advice in here and there is no link to any
> > > documentation that tells a plugin author what the root cause is and
> what
> > to
> > > do. Developers can now either do the "update everything and pray", an
> > > approach that worked exceedingly well with maven dependencies (look at
> > all
> > > the incompatibilities with the 4.0.0-M components) or turn around to
> > the
> > > maven mailing list asking "what should I do".
> > >
> > > You need to write documentation that helps your users. All the error
> > > messages and warnings and "this is wrong, fix it" messages to users do
> > not
> > > help.
> > >
> > > This passive-aggressive attempt to surface problems in an obscure way
> to
> > > the end user and hope that "they file bugs with the plugin authors" is
> a
> > > terrible way to instigate change.
> > >
> > > I understand that there is limited developer time on Maven and this
> looks
> > > tempting as the "simplest path" but all you have accomplished is reduce
> > > trust. "maven suddenly reports problems that were not there before.
> Were
> > > those always there? Are my builds still good? Do my older projects
> still
> > > build?"
> > >
> > > Surfacing non-actionable warnings or errors to a non-audience is a
>

Re: maven 3.9.x warnings

I put https://github.com/apache/maven/pull/1116 together which does exactly
that. It is literally three lines of code.

-h


On Fri, May 19, 2023 at 12:17 PM Henning Schmiedehausen <
henn...@schmiedehausen.org> wrote:

> Hi Gary,
>
> Seems we both work in similar places. :-) Looking at
> https://github.com/apache/maven/commit/11d97e64e7e3fbed23d8e98abdd8c015a957ee82,
> it seems that 3.9.3 (whenever that comes) will improve things; the default
> logging is still not great but at least I can add
> `NONE` to all my
> projects get back to the pre-3.9.x state. @michaelo might like that as well.
>
> @tamas I would have preferred if we did not add a "NONE" setting but made
> the "DEFAULT" value having no logging and replaced what is "DEFAULT" in
> 3.9.2 with "SUMMARY" or "NORMAL" or something else. That way, the default
> state would be the same as it was with maven 3.8.x (which is IMHO the right
> thing to call "default") and everyone who wants to actually log warnings
> can turn it on.
>
> Adding the property above to my poms is a stop-gap, as it emits a warning
> on pre-3.9.3 maven versions, something that I can not fix because older
> versions of the build tool are "out there". I could put the property under
> a profile but at that point it feels like fighting the tool.
>
> -h
>
> (pro-tip: Never call the value for a default setting "default". "default"
> is a state, not a value. If you want to change the "default" state, you are
> now stuck with a value called "default")
>
>
>
> On Fri, May 19, 2023 at 11:47 AM Gary Gregory 
> wrote:
>
>> From this user's POV, I feel these warning force me to spin my wheels: If
>> I
>> have old plugins I can update their versions, and then I still get the
>> warnings, none of which I can do anything about. I can do something about
>> compiler warnings, I can do nothing about these.
>>
>> I am left to explain up and down the food chain with hand handwaving why
>> these warnings are "ok" :-(
>>
>> Gary
>>
>>
>> On Fri, May 19, 2023, 14:15 Henning Schmiedehausen <
>> henn...@schmiedehausen.org> wrote:
>>
>> > Hi Tamas,
>> >
>> > Thanks for the quick response.
>> >
>> > On Fri, May 19, 2023 at 2:35 AM Tamás Cservenák 
>> > wrote:
>> >
>> > > Howdy,
>> > >
>> > > So, have a small local change, probably to go with 3.9.3.
>> > >
>> >
>> > [...]
>> >
>> >
>> > > [WARNING]  * org.basepom.maven:inline-maven-plugin:1.0.1
>> > > [WARNING]   Declared at location(s):
>> > > [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @
>> line
>> > > 145
>> > > [WARNING]   Used in module(s):
>> > > [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
>> > > [WARNING]   Plugin issue(s):
>> > > [WARNING]* Plugin descriptor should not contain these Maven
>> > artifacts:
>> > > [org.apache.maven:maven-artifact:3.8.4,
>> > > org.apache.maven:maven-settings-builder:3.8.4,
>> > > org.apache.maven:maven-repository-metadata:3.8.4,
>> > > org.apache.maven:maven-builder-support:3.8.4,
>> > > org.apache.maven:maven-core:3.8.4,
>> > > org.apache.maven:maven-resolver-provider:3.8.4,
>> > > org.apache.maven:maven-settings:3.8.4,
>> > > org.apache.maven:maven-plugin-api:3.8.4,
>> > > org.apache.maven:maven-model-builder:3.8.4,
>> > > org.apache.maven:maven-model:3.8.4]
>> > >
>> >
>> > This has *zero* meaning to the person running the build. And it still
>> does
>> > not help the plugin author either. Because they (I) used the maven tool
>> > chain that was current at the point in time the plugin was created.
>> There
>> > is still no actionable advice in here and there is no link to any
>> > documentation that tells a plugin author what the root cause is and
>> what to
>> > do. Developers can now either do the "update everything and pray", an
>> > approach that worked exceedingly well with maven dependencies (look at
>> all
>> > the incompatibilities with the 4.0.0-M components) or turn around to
>> the
>> > maven mailing list asking "what should I do".
>> >
>> > You need to write documentation that helps your users. All the error
>> > messages and warnings and "this is wrong, fix it" messages to users do
>> not
>> > help.
>> >
>> > This passive-aggressive attempt to surface problems in an obscure way to
>> > the end user and hope that "they file bugs with the plugin authors" is a
>> > terrible way to instigate change.
>> >
>> > I understand that there is limited developer time on Maven and this
>> looks
>> > tempting as the "simplest path" but all you have accomplished is reduce
>> > trust. "maven suddenly reports problems that were not there before. Were
>> > those always there? Are my builds still good? Do my older projects still
>> > build?"
>> >
>> > Surfacing non-actionable warnings or errors to a non-audience is a no-no
>> > for any user experience; this is UX 101.
>> >
>> > For Jdbi, I still get complaints
>> > about org.apache.maven.plugins:maven-pmd-plugin,
>> > org.apache.maven.plugins:maven-javadoc-plugin,
>> > org.apache.maven.plugins:maven-source-plugin,
>> >

Re: maven 3.9.x warnings

Hi Gary,

Seems we both work in similar places. :-) Looking at
https://github.com/apache/maven/commit/11d97e64e7e3fbed23d8e98abdd8c015a957ee82,
it seems that 3.9.3 (whenever that comes) will improve things; the default
logging is still not great but at least I can add
`NONE` to all my
projects get back to the pre-3.9.x state. @michaelo might like that as well.

@tamas I would have preferred if we did not add a "NONE" setting but made
the "DEFAULT" value having no logging and replaced what is "DEFAULT" in
3.9.2 with "SUMMARY" or "NORMAL" or something else. That way, the default
state would be the same as it was with maven 3.8.x (which is IMHO the right
thing to call "default") and everyone who wants to actually log warnings
can turn it on.

Adding the property above to my poms is a stop-gap, as it emits a warning
on pre-3.9.3 maven versions, something that I can not fix because older
versions of the build tool are "out there". I could put the property under
a profile but at that point it feels like fighting the tool.

-h

(pro-tip: Never call the value for a default setting "default". "default"
is a state, not a value. If you want to change the "default" state, you are
now stuck with a value called "default")



On Fri, May 19, 2023 at 11:47 AM Gary Gregory 
wrote:

> From this user's POV, I feel these warning force me to spin my wheels: If I
> have old plugins I can update their versions, and then I still get the
> warnings, none of which I can do anything about. I can do something about
> compiler warnings, I can do nothing about these.
>
> I am left to explain up and down the food chain with hand handwaving why
> these warnings are "ok" :-(
>
> Gary
>
>
> On Fri, May 19, 2023, 14:15 Henning Schmiedehausen <
> henn...@schmiedehausen.org> wrote:
>
> > Hi Tamas,
> >
> > Thanks for the quick response.
> >
> > On Fri, May 19, 2023 at 2:35 AM Tamás Cservenák 
> > wrote:
> >
> > > Howdy,
> > >
> > > So, have a small local change, probably to go with 3.9.3.
> > >
> >
> > [...]
> >
> >
> > > [WARNING]  * org.basepom.maven:inline-maven-plugin:1.0.1
> > > [WARNING]   Declared at location(s):
> > > [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @
> line
> > > 145
> > > [WARNING]   Used in module(s):
> > > [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> > > [WARNING]   Plugin issue(s):
> > > [WARNING]* Plugin descriptor should not contain these Maven
> > artifacts:
> > > [org.apache.maven:maven-artifact:3.8.4,
> > > org.apache.maven:maven-settings-builder:3.8.4,
> > > org.apache.maven:maven-repository-metadata:3.8.4,
> > > org.apache.maven:maven-builder-support:3.8.4,
> > > org.apache.maven:maven-core:3.8.4,
> > > org.apache.maven:maven-resolver-provider:3.8.4,
> > > org.apache.maven:maven-settings:3.8.4,
> > > org.apache.maven:maven-plugin-api:3.8.4,
> > > org.apache.maven:maven-model-builder:3.8.4,
> > > org.apache.maven:maven-model:3.8.4]
> > >
> >
> > This has *zero* meaning to the person running the build. And it still
> does
> > not help the plugin author either. Because they (I) used the maven tool
> > chain that was current at the point in time the plugin was created. There
> > is still no actionable advice in here and there is no link to any
> > documentation that tells a plugin author what the root cause is and what
> to
> > do. Developers can now either do the "update everything and pray", an
> > approach that worked exceedingly well with maven dependencies (look at
> all
> > the incompatibilities with the 4.0.0-M components) or turn around to
> the
> > maven mailing list asking "what should I do".
> >
> > You need to write documentation that helps your users. All the error
> > messages and warnings and "this is wrong, fix it" messages to users do
> not
> > help.
> >
> > This passive-aggressive attempt to surface problems in an obscure way to
> > the end user and hope that "they file bugs with the plugin authors" is a
> > terrible way to instigate change.
> >
> > I understand that there is limited developer time on Maven and this looks
> > tempting as the "simplest path" but all you have accomplished is reduce
> > trust. "maven suddenly reports problems that were not there before. Were
> > those always there? Are my builds still good? Do my older projects still
> > build?"
> >
> > Surfacing non-actionable warnings or errors to a non-audience is a no-no
> > for any user experience; this is UX 101.
> >
> > For Jdbi, I still get complaints
> > about org.apache.maven.plugins:maven-pmd-plugin,
> > org.apache.maven.plugins:maven-javadoc-plugin,
> > org.apache.maven.plugins:maven-source-plugin,
> > org.apache.maven.plugins:maven-dependency-plugin.
> > So even the official maven plugins have not gotten this right. Of course
> > you can say "time heals all wounds". That is not true, because there is
> > attrition by people switching tools. Heck, the ASF is now running a
> gradle
> > enterprise server.
> >
> > You need to turn all of these warnings *OFF* and document the

Re: maven 3.9.x warnings

2023-05-19 Thread Gary Gregory

>From this user's POV, I feel these warning force me to spin my wheels: If I
have old plugins I can update their versions, and then I still get the
warnings, none of which I can do anything about. I can do something about
compiler warnings, I can do nothing about these.

I am left to explain up and down the food chain with hand handwaving why
these warnings are "ok" :-(

Gary


On Fri, May 19, 2023, 14:15 Henning Schmiedehausen <
henn...@schmiedehausen.org> wrote:

> Hi Tamas,
>
> Thanks for the quick response.
>
> On Fri, May 19, 2023 at 2:35 AM Tamás Cservenák 
> wrote:
>
> > Howdy,
> >
> > So, have a small local change, probably to go with 3.9.3.
> >
>
> [...]
>
>
> > [WARNING]  * org.basepom.maven:inline-maven-plugin:1.0.1
> > [WARNING]   Declared at location(s):
> > [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
> > 145
> > [WARNING]   Used in module(s):
> > [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> > [WARNING]   Plugin issue(s):
> > [WARNING]* Plugin descriptor should not contain these Maven
> artifacts:
> > [org.apache.maven:maven-artifact:3.8.4,
> > org.apache.maven:maven-settings-builder:3.8.4,
> > org.apache.maven:maven-repository-metadata:3.8.4,
> > org.apache.maven:maven-builder-support:3.8.4,
> > org.apache.maven:maven-core:3.8.4,
> > org.apache.maven:maven-resolver-provider:3.8.4,
> > org.apache.maven:maven-settings:3.8.4,
> > org.apache.maven:maven-plugin-api:3.8.4,
> > org.apache.maven:maven-model-builder:3.8.4,
> > org.apache.maven:maven-model:3.8.4]
> >
>
> This has *zero* meaning to the person running the build. And it still does
> not help the plugin author either. Because they (I) used the maven tool
> chain that was current at the point in time the plugin was created. There
> is still no actionable advice in here and there is no link to any
> documentation that tells a plugin author what the root cause is and what to
> do. Developers can now either do the "update everything and pray", an
> approach that worked exceedingly well with maven dependencies (look at all
> the incompatibilities with the 4.0.0-M components) or turn around to the
> maven mailing list asking "what should I do".
>
> You need to write documentation that helps your users. All the error
> messages and warnings and "this is wrong, fix it" messages to users do not
> help.
>
> This passive-aggressive attempt to surface problems in an obscure way to
> the end user and hope that "they file bugs with the plugin authors" is a
> terrible way to instigate change.
>
> I understand that there is limited developer time on Maven and this looks
> tempting as the "simplest path" but all you have accomplished is reduce
> trust. "maven suddenly reports problems that were not there before. Were
> those always there? Are my builds still good? Do my older projects still
> build?"
>
> Surfacing non-actionable warnings or errors to a non-audience is a no-no
> for any user experience; this is UX 101.
>
> For Jdbi, I still get complaints
> about org.apache.maven.plugins:maven-pmd-plugin,
> org.apache.maven.plugins:maven-javadoc-plugin,
> org.apache.maven.plugins:maven-source-plugin,
> org.apache.maven.plugins:maven-dependency-plugin.
> So even the official maven plugins have not gotten this right. Of course
> you can say "time heals all wounds". That is not true, because there is
> attrition by people switching tools. Heck, the ASF is now running a gradle
> enterprise server.
>
> You need to turn all of these warnings *OFF* and document the existence of
> the switch *and* give developer documentation what you expect plugin users
> *to do*. And then evangelize that. That will get your allies (which are the
> plugin authors that will *want* to fix the problems) to help you.  Not
> throw out another release with slightly tweaked warnings.
>
> Calling "maven 3.9 is about the journey to 4.0" is ridiculous. Maven 3.9 is
> a, by definition, fully backwards compatible release of Apache Maven 3.x.
> If you need a journey, then release Maven 4.0.0 as that stepping stone and
> then 5.0 as a backwards incompatible version. Maven 4 has been in
> development for many years and developer uptake will take a long time,
> especially if all old builds break left and right. You may even end up
> having to call it "mvn4" and not "mvn" to not break build scripts in
> countless organizations.
>
> -h
>
>
> >
>

Re: maven 3.9.x warnings


Am 2023-05-19 um 20:15 schrieb Henning Schmiedehausen:

Hi Tamas,
You need to write documentation that helps your users. All the error
messages and warnings and "this is wrong, fix it" messages to users do not
help.

This passive-aggressive attempt to surface problems in an obscure way to
the end user and hope that "they file bugs with the plugin authors" is a
terrible way to instigate change.


+1


I understand that there is limited developer time on Maven and this looks
tempting as the "simplest path" but all you have accomplished is reduce
trust. "maven suddenly reports problems that were not there before. Were
those always there? Are my builds still good? Do my older projects still
build?"

Surfacing non-actionable warnings or errors to a non-audience is a no-no
for any user experience; this is UX 101.



You need to turn all of these warnings *OFF* and document the existence of
the switch *and* give developer documentation what you expect plugin users
*to do*. And then evangelize that. That will get your allies (which are the
plugin authors that will *want* to fix the problems) to help you.  Not
throw out another release with slightly tweaked warnings.


I agree with these as well.


Calling "maven 3.9 is about the journey to 4.0" is ridiculous. Maven 3.9 is
a, by definition, fully backwards compatible release of Apache Maven 3.x.
If you need a journey, then release Maven 4.0.0 as that stepping stone and
then 5.0 as a backwards incompatible version. Maven 4 has been in
development for many years and developer uptake will take a long time,
especially if all old builds break left and right. You may even end up
having to call it "mvn4" and not "mvn" to not break build scripts in
countless organizations.


Therefore, I stay on Maven 3.8.x for now.

M

-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org

Re: maven 3.9.x warnings

Hi Tamas,

Thanks for the quick response.

On Fri, May 19, 2023 at 2:35 AM Tamás Cservenák  wrote:

> Howdy,
>
> So, have a small local change, probably to go with 3.9.3.
>

[...]

> [WARNING]  * org.basepom.maven:inline-maven-plugin:1.0.1
> [WARNING]   Declared at location(s):
> [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
> 145
> [WARNING]   Used in module(s):
> [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> [WARNING]   Plugin issue(s):
> [WARNING]* Plugin descriptor should not contain these Maven artifacts:
> [org.apache.maven:maven-artifact:3.8.4,
> org.apache.maven:maven-settings-builder:3.8.4,
> org.apache.maven:maven-repository-metadata:3.8.4,
> org.apache.maven:maven-builder-support:3.8.4,
> org.apache.maven:maven-core:3.8.4,
> org.apache.maven:maven-resolver-provider:3.8.4,
> org.apache.maven:maven-settings:3.8.4,
> org.apache.maven:maven-plugin-api:3.8.4,
> org.apache.maven:maven-model-builder:3.8.4,
> org.apache.maven:maven-model:3.8.4]
>

This has *zero* meaning to the person running the build. And it still does
not help the plugin author either. Because they (I) used the maven tool
chain that was current at the point in time the plugin was created. There
is still no actionable advice in here and there is no link to any
documentation that tells a plugin author what the root cause is and what to
do. Developers can now either do the "update everything and pray", an
approach that worked exceedingly well with maven dependencies (look at all
the incompatibilities with the 4.0.0-M components) or turn around to the
maven mailing list asking "what should I do".

You need to write documentation that helps your users. All the error
messages and warnings and "this is wrong, fix it" messages to users do not
help.

This passive-aggressive attempt to surface problems in an obscure way to
the end user and hope that "they file bugs with the plugin authors" is a
terrible way to instigate change.

I understand that there is limited developer time on Maven and this looks
tempting as the "simplest path" but all you have accomplished is reduce
trust. "maven suddenly reports problems that were not there before. Were
those always there? Are my builds still good? Do my older projects still
build?"

Surfacing non-actionable warnings or errors to a non-audience is a no-no
for any user experience; this is UX 101.

For Jdbi, I still get complaints
about org.apache.maven.plugins:maven-pmd-plugin,
org.apache.maven.plugins:maven-javadoc-plugin,
org.apache.maven.plugins:maven-source-plugin,
org.apache.maven.plugins:maven-dependency-plugin.
So even the official maven plugins have not gotten this right. Of course
you can say "time heals all wounds". That is not true, because there is
attrition by people switching tools. Heck, the ASF is now running a gradle
enterprise server.

You need to turn all of these warnings *OFF* and document the existence of
the switch *and* give developer documentation what you expect plugin users
*to do*. And then evangelize that. That will get your allies (which are the
plugin authors that will *want* to fix the problems) to help you.  Not
throw out another release with slightly tweaked warnings.

Calling "maven 3.9 is about the journey to 4.0" is ridiculous. Maven 3.9 is
a, by definition, fully backwards compatible release of Apache Maven 3.x.
If you need a journey, then release Maven 4.0.0 as that stepping stone and
then 5.0 as a backwards incompatible version. Maven 4 has been in
development for many years and developer uptake will take a long time,
especially if all old builds break left and right. You may even end up
having to call it "mvn4" and not "mvn" to not break build scripts in
countless organizations.

-h

>

Re: [VOTE] Release Maven Checkstyle Plugin version 3.3.0

2023-05-19 Thread Sylwester Lachiewicz

+1

pt., 19 maj 2023, 19:11 użytkownik Tamás Cservenák 
napisał:

> +1
>
> On Fri, May 19, 2023 at 3:49 PM Michael Osipov 
> wrote:
>
> > Hi,
> >
> > we solved 4 issues:
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317223=12353164
> >
> > There are still a couple of issues left in JIRA:
> >
> >
> https://issues.apache.org/jira/issues/?jql=project+%3D+MCHECKSTYLE+AND+resolution+%3D+Unresolved
> >
> > Staging repo:
> > https://repository.apache.org/content/repositories/maven-1946/
> >
> >
> https://repository.apache.org/content/repositories/maven-1946/org/apache/maven/plugins/maven-checkstyle-plugin/3.3.0/maven-checkstyle-plugin-3.3.0-source-release.zip
> >
> > Source release checksum(s):
> > maven-checkstyle-plugin-3.3.0-source-release.zip
> > sha512:
> >
> >
> c27aa2dbc287764e097ab044a2780fc52e1afcf4a00a93793156df285f6595ed327fca1638a566c7673b3221dd2b98ee4d6ff54d1e93c5963f95ea0f58018067
> >
> > Staging site:
> >
> https://maven.apache.org/plugins-archives/maven-checkstyle-plugin-LATEST/
> >
> > Guide to testing staged releases:
> > https://maven.apache.org/guides/development/guide-testing-releases.html
> >
> > Vote open for 72 hours.
> >
> > [ ] +1
> > [ ] +0
> > [ ] -1
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> > For additional commands, e-mail: dev-h...@maven.apache.org
> >
> >
>

Re: [VOTE] Release Maven Checkstyle Plugin version 3.3.0

+1

On Fri, May 19, 2023 at 3:49 PM Michael Osipov  wrote:

> Hi,
>
> we solved 4 issues:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317223=12353164
>
> There are still a couple of issues left in JIRA:
>
> https://issues.apache.org/jira/issues/?jql=project+%3D+MCHECKSTYLE+AND+resolution+%3D+Unresolved
>
> Staging repo:
> https://repository.apache.org/content/repositories/maven-1946/
>
> https://repository.apache.org/content/repositories/maven-1946/org/apache/maven/plugins/maven-checkstyle-plugin/3.3.0/maven-checkstyle-plugin-3.3.0-source-release.zip
>
> Source release checksum(s):
> maven-checkstyle-plugin-3.3.0-source-release.zip
> sha512:
>
> c27aa2dbc287764e097ab044a2780fc52e1afcf4a00a93793156df285f6595ed327fca1638a566c7673b3221dd2b98ee4d6ff54d1e93c5963f95ea0f58018067
>
> Staging site:
> https://maven.apache.org/plugins-archives/maven-checkstyle-plugin-LATEST/
>
> Guide to testing staged releases:
> https://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for 72 hours.
>
> [ ] +1
> [ ] +0
> [ ] -1
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> For additional commands, e-mail: dev-h...@maven.apache.org
>
>

Re: [VOTE] Release Maven Checkstyle Plugin version 3.3.0

2023-05-19 Thread Slawomir Jaranowski

+1

pt., 19 maj 2023 o 15:49 Michael Osipov  napisał(a):

> Hi,
>
> we solved 4 issues:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317223=12353164
>
> There are still a couple of issues left in JIRA:
>
> https://issues.apache.org/jira/issues/?jql=project+%3D+MCHECKSTYLE+AND+resolution+%3D+Unresolved
>
> Staging repo:
> https://repository.apache.org/content/repositories/maven-1946/
>
> https://repository.apache.org/content/repositories/maven-1946/org/apache/maven/plugins/maven-checkstyle-plugin/3.3.0/maven-checkstyle-plugin-3.3.0-source-release.zip
>
> Source release checksum(s):
> maven-checkstyle-plugin-3.3.0-source-release.zip
> sha512:
>
> c27aa2dbc287764e097ab044a2780fc52e1afcf4a00a93793156df285f6595ed327fca1638a566c7673b3221dd2b98ee4d6ff54d1e93c5963f95ea0f58018067
>
> Staging site:
> https://maven.apache.org/plugins-archives/maven-checkstyle-plugin-LATEST/
>
> Guide to testing staged releases:
> https://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for 72 hours.
>
> [ ] +1
> [ ] +0
> [ ] -1
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> For additional commands, e-mail: dev-h...@maven.apache.org
>
>

-- 
Sławomir Jaranowski

Re: [VOTE] Release Maven Dependency Plugin version 3.6.0

2023-05-19 Thread Guillaume Nodet

+1

Le ven. 19 mai 2023 à 16:08, Michael Osipov  a écrit :

> Hi,
>
> we solved 17 issues:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317227=12352921
>
> There are still a couple of issues left in JIRA:
> https://issues.apache.org/jira/projects/MDEP/issues
>
> Staging repo:
> https://repository.apache.org/content/repositories/maven-1947/
>
> https://repository.apache.org/content/repositories/maven-1947/org/apache/maven/plugins/maven-dependency-plugin/3.6.0/maven-dependency-plugin-3.6.0-source-release.zip
>
> Source release checksum(s):
> maven-dependency-plugin-3.6.0-source-release.zip
> sha512:
>
> b0ddd1bd9c1c90ac9836ef2b74a70326782895710f649333ab344f20217e363cd52ed93d209c3f284f2d1e1f12f21f3cc3374ea5e52092e61e9c68415d60bdeb
>
> Staging site:
> https://maven.apache.org/plugins-archives/maven-dependency-plugin-LATEST/
>
> Guide to testing staged releases:
> https://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for 72 hours.
>
> [ ] +1
> [ ] +0
> [ ] -1
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> For additional commands, e-mail: dev-h...@maven.apache.org
>
>

-- 

Guillaume Nodet

Re: [VOTE] Release Maven Dependency Plugin version 3.6.0

+1

On Fri, May 19, 2023, 16:08 Michael Osipov  wrote:

> Hi,
>
> we solved 17 issues:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317227=12352921
>
> There are still a couple of issues left in JIRA:
> https://issues.apache.org/jira/projects/MDEP/issues
>
> Staging repo:
> https://repository.apache.org/content/repositories/maven-1947/
>
> https://repository.apache.org/content/repositories/maven-1947/org/apache/maven/plugins/maven-dependency-plugin/3.6.0/maven-dependency-plugin-3.6.0-source-release.zip
>
> Source release checksum(s):
> maven-dependency-plugin-3.6.0-source-release.zip
> sha512:
>
> b0ddd1bd9c1c90ac9836ef2b74a70326782895710f649333ab344f20217e363cd52ed93d209c3f284f2d1e1f12f21f3cc3374ea5e52092e61e9c68415d60bdeb
>
> Staging site:
> https://maven.apache.org/plugins-archives/maven-dependency-plugin-LATEST/
>
> Guide to testing staged releases:
> https://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for 72 hours.
>
> [ ] +1
> [ ] +0
> [ ] -1
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> For additional commands, e-mail: dev-h...@maven.apache.org
>
>

Re: [VOTE] Release Maven Dependency Plugin version 3.6.0

2023-05-19 Thread Sylwester Lachiewicz

+1

pt., 19 maj 2023, 18:28 użytkownik Slawomir Jaranowski <
s.jaranow...@gmail.com> napisał:

> +1
>
> pt., 19 maj 2023 o 16:08 Michael Osipov  napisał(a):
>
> > Hi,
> >
> > we solved 17 issues:
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317227=12352921
> >
> > There are still a couple of issues left in JIRA:
> > https://issues.apache.org/jira/projects/MDEP/issues
> >
> > Staging repo:
> > https://repository.apache.org/content/repositories/maven-1947/
> >
> >
> https://repository.apache.org/content/repositories/maven-1947/org/apache/maven/plugins/maven-dependency-plugin/3.6.0/maven-dependency-plugin-3.6.0-source-release.zip
> >
> > Source release checksum(s):
> > maven-dependency-plugin-3.6.0-source-release.zip
> > sha512:
> >
> >
> b0ddd1bd9c1c90ac9836ef2b74a70326782895710f649333ab344f20217e363cd52ed93d209c3f284f2d1e1f12f21f3cc3374ea5e52092e61e9c68415d60bdeb
> >
> > Staging site:
> >
> https://maven.apache.org/plugins-archives/maven-dependency-plugin-LATEST/
> >
> > Guide to testing staged releases:
> > https://maven.apache.org/guides/development/guide-testing-releases.html
> >
> > Vote open for 72 hours.
> >
> > [ ] +1
> > [ ] +0
> > [ ] -1
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> > For additional commands, e-mail: dev-h...@maven.apache.org
> >
> >
>
> --
> Sławomir Jaranowski
>

Re: [VOTE] Release Maven Dependency Plugin version 3.6.0

2023-05-19 Thread Slawomir Jaranowski

+1

pt., 19 maj 2023 o 16:08 Michael Osipov  napisał(a):

> Hi,
>
> we solved 17 issues:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317227=12352921
>
> There are still a couple of issues left in JIRA:
> https://issues.apache.org/jira/projects/MDEP/issues
>
> Staging repo:
> https://repository.apache.org/content/repositories/maven-1947/
>
> https://repository.apache.org/content/repositories/maven-1947/org/apache/maven/plugins/maven-dependency-plugin/3.6.0/maven-dependency-plugin-3.6.0-source-release.zip
>
> Source release checksum(s):
> maven-dependency-plugin-3.6.0-source-release.zip
> sha512:
>
> b0ddd1bd9c1c90ac9836ef2b74a70326782895710f649333ab344f20217e363cd52ed93d209c3f284f2d1e1f12f21f3cc3374ea5e52092e61e9c68415d60bdeb
>
> Staging site:
> https://maven.apache.org/plugins-archives/maven-dependency-plugin-LATEST/
>
> Guide to testing staged releases:
> https://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for 72 hours.
>
> [ ] +1
> [ ] +0
> [ ] -1
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> For additional commands, e-mail: dev-h...@maven.apache.org
>
>

-- 
Sławomir Jaranowski

[VOTE] Release Maven Dependency Plugin version 3.6.0


Hi,

we solved 17 issues:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317227=12352921

There are still a couple of issues left in JIRA:
https://issues.apache.org/jira/projects/MDEP/issues

Staging repo:
https://repository.apache.org/content/repositories/maven-1947/
https://repository.apache.org/content/repositories/maven-1947/org/apache/maven/plugins/maven-dependency-plugin/3.6.0/maven-dependency-plugin-3.6.0-source-release.zip

Source release checksum(s):
maven-dependency-plugin-3.6.0-source-release.zip
sha512: 
b0ddd1bd9c1c90ac9836ef2b74a70326782895710f649333ab344f20217e363cd52ed93d209c3f284f2d1e1f12f21f3cc3374ea5e52092e61e9c68415d60bdeb


Staging site:
https://maven.apache.org/plugins-archives/maven-dependency-plugin-LATEST/

Guide to testing staged releases:
https://maven.apache.org/guides/development/guide-testing-releases.html

Vote open for 72 hours.

[ ] +1
[ ] +0
[ ] -1

-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org

Re: maven 3.9.x warnings

3rd PR:
https://github.com/apache/maven/pull/1114

On Fri, May 19, 2023 at 3:03 PM Jeremy Landis 
wrote:

> I think the warnings in general have thus far been a good thing.  The
> level of plugins reacting now and people reporting issues is very clear.
> I'd suspect this to die down in next month or two as these flush themselves
> out and really maven 3.9.x is all about journey to maven 4 so this IMO is
> kind of expected noise for the most part.  There are definitely some
> improvements to be had in general though.
>
> -Original Message-
> From: Tamás Cservenák 
> Sent: Friday, May 19, 2023 5:44 AM
> To: Maven Developers List 
> Subject: Re: maven 3.9.x warnings
>
> FTR, issue (and PR linked to it)
> https://issues.apache.org/jira/browse/MNG-7786
>
> On Fri, May 19, 2023 at 11:35 AM Tamás Cservenák 
> wrote:
>
> > Howdy,
> >
> > So, have a small local change, probably to go with 3.9.3.
> >
> > changes:
> > - message modified, it is now clear that it is "plugin descriptor"
> > that contains unwanted artifacts
> > - added new check that "checks reality", the plugin resolved
> > dependencies
> >
> > So, now messages on JDBI project look like this (two examples):
> >
> > [WARNING]  * org.asciidoctor:asciidoctor-maven-plugin:2.2.3
> > [WARNING]   Declared at location(s):
> > [WARNING]* org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml) @ line
> > 270
> > [WARNING]   Used in module(s):
> > [WARNING]* org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml)
> > [WARNING]   Plugin issue(s):
> > [WARNING]* Plugin should declare these Maven artifacts in `provided`
> > scope: [org.apache.maven:maven-core:3.0.5,
> > org.apache.maven:maven-plugin-api:3.0.5]
> > [WARNING]* Plugin descriptor should not contain these Maven
> artifacts:
> > [org.apache.maven:maven-model-builder:3.0.5,
> > org.apache.maven:maven-core:3.0.5,
> > org.apache.maven:maven-plugin-api:3.0.5,
> > org.apache.maven:maven-model:3.0.5,
> > org.apache.maven:maven-settings:3.0.5,
> > org.apache.maven:maven-artifact:3.0.5,
> > org.apache.maven:maven-repository-metadata:3.0.5,
> > org.apache.maven:maven-aether-provider:3.0.5,
> > org.apache.maven:maven-settings-builder:3.0.5]
> > [WARNING]* Plugin depends on plexus-container-default, which is EOL
> > [WARNING]
> > [WARNING]  * org.basepom.maven:inline-maven-plugin:1.0.1
> > [WARNING]   Declared at location(s):
> > [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
> > 145
> > [WARNING]   Used in module(s):
> > [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> > [WARNING]   Plugin issue(s):
> > [WARNING]* Plugin descriptor should not contain these Maven
> artifacts:
> > [org.apache.maven:maven-artifact:3.8.4,
> > org.apache.maven:maven-settings-builder:3.8.4,
> > org.apache.maven:maven-repository-metadata:3.8.4,
> > org.apache.maven:maven-builder-support:3.8.4,
> > org.apache.maven:maven-core:3.8.4,
> > org.apache.maven:maven-resolver-provider:3.8.4,
> > org.apache.maven:maven-settings:3.8.4,
> > org.apache.maven:maven-plugin-api:3.8.4,
> > org.apache.maven:maven-model-builder:3.8.4,
> > org.apache.maven:maven-model:3.8.4]
> >
> > Problems of asciidoctor-maven-plugin:2.2.3:
> > 1. does not declare scopes properly:
> > https://githu/
> > b.com%2Fasciidoctor%2Fasciidoctor-maven-plugin%2Fblob%2Fasciidoctor-ma
> > ven-plugin-2.2.3%2Fpom.xml%23L108-L117=05%7C01%7C%7Cb5a8f5bb7b844
> > cd2570308db584da53f%7C84df9e7fe9f640afb435%7C1%7C0%7C63820
> > 0862731215175%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2lu
> > MzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=SYt1ID9TOd8rW
> > z2wrFGoIroD37NUNbmJmla%2Fyjo6g1M%3D=0
> > 2. plugin descriptor (META-INF/maven/plugin.xml) really contains all
> > the listed artifacts, reason is problem in bullet 1: they are not in
> > provided, hence in descriptor full transitive hull is present
> >
> > Problems of inline-maven-plugin:1.0.1
> > 1. descriptor contains WAY TOO MANY artifacts (due MPLUGIN-382)
> >
> >
> > Thanks
> > T
> >
> > On Fri, May 19, 2023 at 10:22 AM Tamás Cservenák 
> > wrote:
> >
> >> Henning, your do have open option to go:
> >>
> >> in inline-maven-project upgrade (buggy) maven-plugin-plugin 3.6.2
> >> (suffers from
> >> https://issues.apache.org/jira/browse/MPLUGIN-382) to a more recent
> one.
> >>
> >> OTOH, this issue revealed a validation issue:
> >> - it relies on pluginDescriptor/dependencies to perform validation
> >> (that contains wrong entries due MPLUGIN-382)
> >> - we may want to validate the "reality" (plugin POM directly, instead
> >> of derived plugin descriptor that is built out of plugin POM at build
> >> time by maven-plugin-plugin, that may have bug as in this case)
> >>
> >> So, in this case we have an interesting situation:
> >> - your inline project POM is good
> >> - what is not good is bug in used m-plugin-p 3.6.2 (produces wrong
> >> plugin
> >> descriptor)
> >> - Maven 3.9.2 detects this (well, unwanted artifacts in there) and
> >> reports

[VOTE] Release Maven Checkstyle Plugin version 3.3.0


Hi,

we solved 4 issues:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317223=12353164

There are still a couple of issues left in JIRA:
https://issues.apache.org/jira/issues/?jql=project+%3D+MCHECKSTYLE+AND+resolution+%3D+Unresolved

Staging repo:
https://repository.apache.org/content/repositories/maven-1946/
https://repository.apache.org/content/repositories/maven-1946/org/apache/maven/plugins/maven-checkstyle-plugin/3.3.0/maven-checkstyle-plugin-3.3.0-source-release.zip

Source release checksum(s):
maven-checkstyle-plugin-3.3.0-source-release.zip
sha512: 
c27aa2dbc287764e097ab044a2780fc52e1afcf4a00a93793156df285f6595ed327fca1638a566c7673b3221dd2b98ee4d6ff54d1e93c5963f95ea0f58018067


Staging site:
https://maven.apache.org/plugins-archives/maven-checkstyle-plugin-LATEST/

Guide to testing staged releases:
https://maven.apache.org/guides/development/guide-testing-releases.html

Vote open for 72 hours.

[ ] +1
[ ] +0
[ ] -1

-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org

Re: maven 3.9.x warnings

Howdy,

so far I have PRs:
Fix for Henning case (make the message clear that it is descriptor)
https://github.com/apache/maven/pull/1112
Adding new modes https://github.com/apache/maven/pull/1113

Will see for that one as well.

T

On Fri, May 19, 2023 at 2:58 PM Jeremy Landis 
wrote:

> While you are at it, could you change the warnings to show just before the
> final status of the build?  Some projects at least in VERBOSE have so many
> warnings that it makes it much harder to know the project built
> successfully.
>
> ATM it's something like this.
>
> ...Status successful build...
> Now a bunch of warnings
>
> I think for clarity that just needs to be flipped to.
>
> ...bunch of warnings...
> Status of the build
>
> -Original Message-
> From: Tamás Cservenák 
> Sent: Friday, May 19, 2023 5:35 AM
> To: Maven Developers List 
> Subject: Re: maven 3.9.x warnings
>
> Howdy,
>
> So, have a small local change, probably to go with 3.9.3.
>
> changes:
> - message modified, it is now clear that it is "plugin descriptor" that
> contains unwanted artifacts
> - added new check that "checks reality", the plugin resolved dependencies
>
> So, now messages on JDBI project look like this (two examples):
>
> [WARNING]  * org.asciidoctor:asciidoctor-maven-plugin:2.2.3
> [WARNING]   Declared at location(s):
> [WARNING]* org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml) @ line
> 270
> [WARNING]   Used in module(s):
> [WARNING]* org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml)
> [WARNING]   Plugin issue(s):
> [WARNING]* Plugin should declare these Maven artifacts in `provided`
> scope: [org.apache.maven:maven-core:3.0.5,
> org.apache.maven:maven-plugin-api:3.0.5]
> [WARNING]* Plugin descriptor should not contain these Maven artifacts:
> [org.apache.maven:maven-model-builder:3.0.5,
> org.apache.maven:maven-core:3.0.5, org.apache.maven:maven-plugin-api:3.0.5,
> org.apache.maven:maven-model:3.0.5, org.apache.maven:maven-settings:3.0.5,
> org.apache.maven:maven-artifact:3.0.5,
> org.apache.maven:maven-repository-metadata:3.0.5,
> org.apache.maven:maven-aether-provider:3.0.5,
> org.apache.maven:maven-settings-builder:3.0.5]
> [WARNING]* Plugin depends on plexus-container-default, which is EOL
> [WARNING]
> [WARNING]  * org.basepom.maven:inline-maven-plugin:1.0.1
> [WARNING]   Declared at location(s):
> [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
> 145
> [WARNING]   Used in module(s):
> [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> [WARNING]   Plugin issue(s):
> [WARNING]* Plugin descriptor should not contain these Maven artifacts:
> [org.apache.maven:maven-artifact:3.8.4,
> org.apache.maven:maven-settings-builder:3.8.4,
> org.apache.maven:maven-repository-metadata:3.8.4,
> org.apache.maven:maven-builder-support:3.8.4,
> org.apache.maven:maven-core:3.8.4,
> org.apache.maven:maven-resolver-provider:3.8.4,
> org.apache.maven:maven-settings:3.8.4,
> org.apache.maven:maven-plugin-api:3.8.4,
> org.apache.maven:maven-model-builder:3.8.4,
> org.apache.maven:maven-model:3.8.4]
>
> Problems of asciidoctor-maven-plugin:2.2.3:
> 1. does not declare scopes properly:
>
> https://github.com/asciidoctor/asciidoctor-maven-plugin/blob/asciidoctor-maven-plugin-2.2.3/pom.xml#L108-L117
> 2. plugin descriptor (META-INF/maven/plugin.xml) really contains all the
> listed artifacts, reason is problem in bullet 1: they are not in provided,
> hence in descriptor full transitive hull is present
>
> Problems of inline-maven-plugin:1.0.1
> 1. descriptor contains WAY TOO MANY artifacts (due MPLUGIN-382)
>
>
> Thanks
> T
>
> On Fri, May 19, 2023 at 10:22 AM Tamás Cservenák 
> wrote:
>
> > Henning, your do have open option to go:
> >
> > in inline-maven-project upgrade (buggy) maven-plugin-plugin 3.6.2
> > (suffers from
> > https://issues.apache.org/jira/browse/MPLUGIN-382) to a more recent one.
> >
> > OTOH, this issue revealed a validation issue:
> > - it relies on pluginDescriptor/dependencies to perform validation
> > (that contains wrong entries due MPLUGIN-382)
> > - we may want to validate the "reality" (plugin POM directly, instead
> > of derived plugin descriptor that is built out of plugin POM at build
> > time by maven-plugin-plugin, that may have bug as in this case)
> >
> > So, in this case we have an interesting situation:
> > - your inline project POM is good
> > - what is not good is bug in used m-plugin-p 3.6.2 (produces wrong
> > plugin
> > descriptor)
> > - Maven 3.9.2 detects this (well, unwanted artifacts in there) and
> > reports "plugin as wrong"
> >
> > Your option is to upgrade m-plugin-p to (possibly latest) version and
> > release.
> >
> > Our option for the next Maven is probably to reconsider the data set
> > we validate from.
> >
> > Thanks
> > T
> >
> >
> >
> > On Fri, May 19, 2023 at 7:28 AM Henning Schmiedehausen <
> > henn...@schmiedehausen.org> wrote:
> >
> >> From maven 3.9.2:
> >>
> >> [WARNING]  *

RE: maven 3.9.x warnings

2023-05-19 Thread Jeremy Landis

I think the warnings in general have thus far been a good thing.  The level of 
plugins reacting now and people reporting issues is very clear.  I'd suspect 
this to die down in next month or two as these flush themselves out and really 
maven 3.9.x is all about journey to maven 4 so this IMO is kind of expected 
noise for the most part.  There are definitely some improvements to be had in 
general though.

-Original Message-
From: Tamás Cservenák 
Sent: Friday, May 19, 2023 5:44 AM
To: Maven Developers List 
Subject: Re: maven 3.9.x warnings

FTR, issue (and PR linked to it)
https://issues.apache.org/jira/browse/MNG-7786

On Fri, May 19, 2023 at 11:35 AM Tamás Cservenák 
wrote:

> Howdy,
>
> So, have a small local change, probably to go with 3.9.3.
>
> changes:
> - message modified, it is now clear that it is "plugin descriptor"
> that contains unwanted artifacts
> - added new check that "checks reality", the plugin resolved
> dependencies
>
> So, now messages on JDBI project look like this (two examples):
>
> [WARNING]  * org.asciidoctor:asciidoctor-maven-plugin:2.2.3
> [WARNING]   Declared at location(s):
> [WARNING]* org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml) @ line
> 270
> [WARNING]   Used in module(s):
> [WARNING]* org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml)
> [WARNING]   Plugin issue(s):
> [WARNING]* Plugin should declare these Maven artifacts in `provided`
> scope: [org.apache.maven:maven-core:3.0.5,
> org.apache.maven:maven-plugin-api:3.0.5]
> [WARNING]* Plugin descriptor should not contain these Maven artifacts:
> [org.apache.maven:maven-model-builder:3.0.5,
> org.apache.maven:maven-core:3.0.5,
> org.apache.maven:maven-plugin-api:3.0.5,
> org.apache.maven:maven-model:3.0.5,
> org.apache.maven:maven-settings:3.0.5,
> org.apache.maven:maven-artifact:3.0.5,
> org.apache.maven:maven-repository-metadata:3.0.5,
> org.apache.maven:maven-aether-provider:3.0.5,
> org.apache.maven:maven-settings-builder:3.0.5]
> [WARNING]* Plugin depends on plexus-container-default, which is EOL
> [WARNING]
> [WARNING]  * org.basepom.maven:inline-maven-plugin:1.0.1
> [WARNING]   Declared at location(s):
> [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
> 145
> [WARNING]   Used in module(s):
> [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> [WARNING]   Plugin issue(s):
> [WARNING]* Plugin descriptor should not contain these Maven artifacts:
> [org.apache.maven:maven-artifact:3.8.4,
> org.apache.maven:maven-settings-builder:3.8.4,
> org.apache.maven:maven-repository-metadata:3.8.4,
> org.apache.maven:maven-builder-support:3.8.4,
> org.apache.maven:maven-core:3.8.4,
> org.apache.maven:maven-resolver-provider:3.8.4,
> org.apache.maven:maven-settings:3.8.4,
> org.apache.maven:maven-plugin-api:3.8.4,
> org.apache.maven:maven-model-builder:3.8.4,
> org.apache.maven:maven-model:3.8.4]
>
> Problems of asciidoctor-maven-plugin:2.2.3:
> 1. does not declare scopes properly:
> https://githu/
> b.com%2Fasciidoctor%2Fasciidoctor-maven-plugin%2Fblob%2Fasciidoctor-ma
> ven-plugin-2.2.3%2Fpom.xml%23L108-L117=05%7C01%7C%7Cb5a8f5bb7b844
> cd2570308db584da53f%7C84df9e7fe9f640afb435%7C1%7C0%7C63820
> 0862731215175%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2lu
> MzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=SYt1ID9TOd8rW
> z2wrFGoIroD37NUNbmJmla%2Fyjo6g1M%3D=0
> 2. plugin descriptor (META-INF/maven/plugin.xml) really contains all
> the listed artifacts, reason is problem in bullet 1: they are not in
> provided, hence in descriptor full transitive hull is present
>
> Problems of inline-maven-plugin:1.0.1
> 1. descriptor contains WAY TOO MANY artifacts (due MPLUGIN-382)
>
>
> Thanks
> T
>
> On Fri, May 19, 2023 at 10:22 AM Tamás Cservenák 
> wrote:
>
>> Henning, your do have open option to go:
>>
>> in inline-maven-project upgrade (buggy) maven-plugin-plugin 3.6.2
>> (suffers from
>> https://issues.apache.org/jira/browse/MPLUGIN-382) to a more recent one.
>>
>> OTOH, this issue revealed a validation issue:
>> - it relies on pluginDescriptor/dependencies to perform validation
>> (that contains wrong entries due MPLUGIN-382)
>> - we may want to validate the "reality" (plugin POM directly, instead
>> of derived plugin descriptor that is built out of plugin POM at build
>> time by maven-plugin-plugin, that may have bug as in this case)
>>
>> So, in this case we have an interesting situation:
>> - your inline project POM is good
>> - what is not good is bug in used m-plugin-p 3.6.2 (produces wrong
>> plugin
>> descriptor)
>> - Maven 3.9.2 detects this (well, unwanted artifacts in there) and
>> reports "plugin as wrong"
>>
>> Your option is to upgrade m-plugin-p to (possibly latest) version and
>> release.
>>
>> Our option for the next Maven is probably to reconsider the data set
>> we validate from.
>>
>> Thanks
>> T
>>
>>
>>
>> On Fri, May 19, 2023 at 7:28 AM Henning Schmiedehausen <
>> henn...@schmiedehausen.org> wrote:
>>
>>> From

RE: maven 3.9.x warnings

2023-05-19 Thread Jeremy Landis

While you are at it, could you change the warnings to show just before the 
final status of the build?  Some projects at least in VERBOSE have so many 
warnings that it makes it much harder to know the project built successfully.

ATM it's something like this.

...Status successful build...
Now a bunch of warnings

I think for clarity that just needs to be flipped to.

...bunch of warnings...
Status of the build

-Original Message-
From: Tamás Cservenák 
Sent: Friday, May 19, 2023 5:35 AM
To: Maven Developers List 
Subject: Re: maven 3.9.x warnings

Howdy,

So, have a small local change, probably to go with 3.9.3.

changes:
- message modified, it is now clear that it is "plugin descriptor" that 
contains unwanted artifacts
- added new check that "checks reality", the plugin resolved dependencies

So, now messages on JDBI project look like this (two examples):

[WARNING]  * org.asciidoctor:asciidoctor-maven-plugin:2.2.3
[WARNING]   Declared at location(s):
[WARNING]* org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml) @ line 270
[WARNING]   Used in module(s):
[WARNING]* org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml)
[WARNING]   Plugin issue(s):
[WARNING]* Plugin should declare these Maven artifacts in `provided`
scope: [org.apache.maven:maven-core:3.0.5,
org.apache.maven:maven-plugin-api:3.0.5]
[WARNING]* Plugin descriptor should not contain these Maven artifacts:
[org.apache.maven:maven-model-builder:3.0.5,
org.apache.maven:maven-core:3.0.5, org.apache.maven:maven-plugin-api:3.0.5,
org.apache.maven:maven-model:3.0.5, org.apache.maven:maven-settings:3.0.5,
org.apache.maven:maven-artifact:3.0.5,
org.apache.maven:maven-repository-metadata:3.0.5,
org.apache.maven:maven-aether-provider:3.0.5,
org.apache.maven:maven-settings-builder:3.0.5]
[WARNING]* Plugin depends on plexus-container-default, which is EOL
[WARNING]
[WARNING]  * org.basepom.maven:inline-maven-plugin:1.0.1
[WARNING]   Declared at location(s):
[WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line 145
[WARNING]   Used in module(s):
[WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
[WARNING]   Plugin issue(s):
[WARNING]* Plugin descriptor should not contain these Maven artifacts:
[org.apache.maven:maven-artifact:3.8.4,
org.apache.maven:maven-settings-builder:3.8.4,
org.apache.maven:maven-repository-metadata:3.8.4,
org.apache.maven:maven-builder-support:3.8.4,
org.apache.maven:maven-core:3.8.4,
org.apache.maven:maven-resolver-provider:3.8.4,
org.apache.maven:maven-settings:3.8.4,
org.apache.maven:maven-plugin-api:3.8.4,
org.apache.maven:maven-model-builder:3.8.4,
org.apache.maven:maven-model:3.8.4]

Problems of asciidoctor-maven-plugin:2.2.3:
1. does not declare scopes properly:
https://github.com/asciidoctor/asciidoctor-maven-plugin/blob/asciidoctor-maven-plugin-2.2.3/pom.xml#L108-L117
2. plugin descriptor (META-INF/maven/plugin.xml) really contains all the listed 
artifacts, reason is problem in bullet 1: they are not in provided, hence in 
descriptor full transitive hull is present

Problems of inline-maven-plugin:1.0.1
1. descriptor contains WAY TOO MANY artifacts (due MPLUGIN-382)


Thanks
T

On Fri, May 19, 2023 at 10:22 AM Tamás Cservenák 
wrote:

> Henning, your do have open option to go:
>
> in inline-maven-project upgrade (buggy) maven-plugin-plugin 3.6.2
> (suffers from
> https://issues.apache.org/jira/browse/MPLUGIN-382) to a more recent one.
>
> OTOH, this issue revealed a validation issue:
> - it relies on pluginDescriptor/dependencies to perform validation
> (that contains wrong entries due MPLUGIN-382)
> - we may want to validate the "reality" (plugin POM directly, instead
> of derived plugin descriptor that is built out of plugin POM at build
> time by maven-plugin-plugin, that may have bug as in this case)
>
> So, in this case we have an interesting situation:
> - your inline project POM is good
> - what is not good is bug in used m-plugin-p 3.6.2 (produces wrong
> plugin
> descriptor)
> - Maven 3.9.2 detects this (well, unwanted artifacts in there) and
> reports "plugin as wrong"
>
> Your option is to upgrade m-plugin-p to (possibly latest) version and
> release.
>
> Our option for the next Maven is probably to reconsider the data set
> we validate from.
>
> Thanks
> T
>
>
>
> On Fri, May 19, 2023 at 7:28 AM Henning Schmiedehausen <
> henn...@schmiedehausen.org> wrote:
>
>> From maven 3.9.2:
>>
>> [WARNING]  * org.basepom.maven:inline-maven-plugin:1.0.1
>> [WARNING]   Declared at location(s):
>> [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
>> 145
>> [WARNING]   Used in module(s):
>> [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
>> [WARNING]   Plugin issue(s):
>> [WARNING]* Plugin should declare these Maven artifacts in `*provided*`
>> scope: [
>>   org.apache.maven:maven-artifact:3.8.4,
>>   org.apache.maven:maven-settings-builder:3.8.4,
>>   org.apache.maven:maven-repository-metadata:3.8.4,
>>

Re: maven 3.9.x warnings

FTR, issue (and PR linked to it)
https://issues.apache.org/jira/browse/MNG-7786

On Fri, May 19, 2023 at 11:35 AM Tamás Cservenák 
wrote:

> Howdy,
>
> So, have a small local change, probably to go with 3.9.3.
>
> changes:
> - message modified, it is now clear that it is "plugin descriptor" that
> contains unwanted artifacts
> - added new check that "checks reality", the plugin resolved dependencies
>
> So, now messages on JDBI project look like this (two examples):
>
> [WARNING]  * org.asciidoctor:asciidoctor-maven-plugin:2.2.3
> [WARNING]   Declared at location(s):
> [WARNING]* org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml) @ line
> 270
> [WARNING]   Used in module(s):
> [WARNING]* org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml)
> [WARNING]   Plugin issue(s):
> [WARNING]* Plugin should declare these Maven artifacts in `provided`
> scope: [org.apache.maven:maven-core:3.0.5,
> org.apache.maven:maven-plugin-api:3.0.5]
> [WARNING]* Plugin descriptor should not contain these Maven artifacts:
> [org.apache.maven:maven-model-builder:3.0.5,
> org.apache.maven:maven-core:3.0.5, org.apache.maven:maven-plugin-api:3.0.5,
> org.apache.maven:maven-model:3.0.5, org.apache.maven:maven-settings:3.0.5,
> org.apache.maven:maven-artifact:3.0.5,
> org.apache.maven:maven-repository-metadata:3.0.5,
> org.apache.maven:maven-aether-provider:3.0.5,
> org.apache.maven:maven-settings-builder:3.0.5]
> [WARNING]* Plugin depends on plexus-container-default, which is EOL
> [WARNING]
> [WARNING]  * org.basepom.maven:inline-maven-plugin:1.0.1
> [WARNING]   Declared at location(s):
> [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
> 145
> [WARNING]   Used in module(s):
> [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
> [WARNING]   Plugin issue(s):
> [WARNING]* Plugin descriptor should not contain these Maven artifacts:
> [org.apache.maven:maven-artifact:3.8.4,
> org.apache.maven:maven-settings-builder:3.8.4,
> org.apache.maven:maven-repository-metadata:3.8.4,
> org.apache.maven:maven-builder-support:3.8.4,
> org.apache.maven:maven-core:3.8.4,
> org.apache.maven:maven-resolver-provider:3.8.4,
> org.apache.maven:maven-settings:3.8.4,
> org.apache.maven:maven-plugin-api:3.8.4,
> org.apache.maven:maven-model-builder:3.8.4,
> org.apache.maven:maven-model:3.8.4]
>
> Problems of asciidoctor-maven-plugin:2.2.3:
> 1. does not declare scopes properly:
> https://github.com/asciidoctor/asciidoctor-maven-plugin/blob/asciidoctor-maven-plugin-2.2.3/pom.xml#L108-L117
> 2. plugin descriptor (META-INF/maven/plugin.xml) really contains all the
> listed artifacts, reason is problem in bullet 1: they are not in provided,
> hence in descriptor full transitive hull is present
>
> Problems of inline-maven-plugin:1.0.1
> 1. descriptor contains WAY TOO MANY artifacts (due MPLUGIN-382)
>
>
> Thanks
> T
>
> On Fri, May 19, 2023 at 10:22 AM Tamás Cservenák 
> wrote:
>
>> Henning, your do have open option to go:
>>
>> in inline-maven-project upgrade (buggy) maven-plugin-plugin 3.6.2
>> (suffers from https://issues.apache.org/jira/browse/MPLUGIN-382) to a
>> more recent one.
>>
>> OTOH, this issue revealed a validation issue:
>> - it relies on pluginDescriptor/dependencies to perform validation (that
>> contains wrong entries due MPLUGIN-382)
>> - we may want to validate the "reality" (plugin POM directly, instead of
>> derived plugin descriptor that is built out of plugin POM at build time by
>> maven-plugin-plugin, that may have bug as in this case)
>>
>> So, in this case we have an interesting situation:
>> - your inline project POM is good
>> - what is not good is bug in used m-plugin-p 3.6.2 (produces wrong plugin
>> descriptor)
>> - Maven 3.9.2 detects this (well, unwanted artifacts in there) and
>> reports "plugin as wrong"
>>
>> Your option is to upgrade m-plugin-p to (possibly latest) version and
>> release.
>>
>> Our option for the next Maven is probably to reconsider the data set we
>> validate from.
>>
>> Thanks
>> T
>>
>>
>>
>> On Fri, May 19, 2023 at 7:28 AM Henning Schmiedehausen <
>> henn...@schmiedehausen.org> wrote:
>>
>>> From maven 3.9.2:
>>>
>>> [WARNING]  * org.basepom.maven:inline-maven-plugin:1.0.1
>>> [WARNING]   Declared at location(s):
>>> [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
>>> 145
>>> [WARNING]   Used in module(s):
>>> [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
>>> [WARNING]   Plugin issue(s):
>>> [WARNING]* Plugin should declare these Maven artifacts in
>>> `*provided*`
>>> scope: [
>>>   org.apache.maven:maven-artifact:3.8.4,
>>>   org.apache.maven:maven-settings-builder:3.8.4,
>>>   org.apache.maven:maven-repository-metadata:3.8.4,
>>>   org.apache.maven:maven-builder-support:3.8.4,
>>>   org.apache.maven:maven-core:3.8.4,
>>>   org.apache.maven:maven-resolver-provider:3.8.4,
>>>   org.apache.maven:maven-settings:3.8.4,
>>>   org.apache.maven:maven-plugin-api:3.8.4,
>>>

Re: maven 3.9.x warnings

Howdy,

So, have a small local change, probably to go with 3.9.3.

changes:
- message modified, it is now clear that it is "plugin descriptor" that
contains unwanted artifacts
- added new check that "checks reality", the plugin resolved dependencies

So, now messages on JDBI project look like this (two examples):

[WARNING]  * org.asciidoctor:asciidoctor-maven-plugin:2.2.3
[WARNING]   Declared at location(s):
[WARNING]* org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml) @ line 270
[WARNING]   Used in module(s):
[WARNING]* org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml)
[WARNING]   Plugin issue(s):
[WARNING]* Plugin should declare these Maven artifacts in `provided`
scope: [org.apache.maven:maven-core:3.0.5,
org.apache.maven:maven-plugin-api:3.0.5]
[WARNING]* Plugin descriptor should not contain these Maven artifacts:
[org.apache.maven:maven-model-builder:3.0.5,
org.apache.maven:maven-core:3.0.5, org.apache.maven:maven-plugin-api:3.0.5,
org.apache.maven:maven-model:3.0.5, org.apache.maven:maven-settings:3.0.5,
org.apache.maven:maven-artifact:3.0.5,
org.apache.maven:maven-repository-metadata:3.0.5,
org.apache.maven:maven-aether-provider:3.0.5,
org.apache.maven:maven-settings-builder:3.0.5]
[WARNING]* Plugin depends on plexus-container-default, which is EOL
[WARNING]
[WARNING]  * org.basepom.maven:inline-maven-plugin:1.0.1
[WARNING]   Declared at location(s):
[WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line 145
[WARNING]   Used in module(s):
[WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
[WARNING]   Plugin issue(s):
[WARNING]* Plugin descriptor should not contain these Maven artifacts:
[org.apache.maven:maven-artifact:3.8.4,
org.apache.maven:maven-settings-builder:3.8.4,
org.apache.maven:maven-repository-metadata:3.8.4,
org.apache.maven:maven-builder-support:3.8.4,
org.apache.maven:maven-core:3.8.4,
org.apache.maven:maven-resolver-provider:3.8.4,
org.apache.maven:maven-settings:3.8.4,
org.apache.maven:maven-plugin-api:3.8.4,
org.apache.maven:maven-model-builder:3.8.4,
org.apache.maven:maven-model:3.8.4]

Problems of asciidoctor-maven-plugin:2.2.3:
1. does not declare scopes properly:
https://github.com/asciidoctor/asciidoctor-maven-plugin/blob/asciidoctor-maven-plugin-2.2.3/pom.xml#L108-L117
2. plugin descriptor (META-INF/maven/plugin.xml) really contains all the
listed artifacts, reason is problem in bullet 1: they are not in provided,
hence in descriptor full transitive hull is present

Problems of inline-maven-plugin:1.0.1
1. descriptor contains WAY TOO MANY artifacts (due MPLUGIN-382)


Thanks
T

On Fri, May 19, 2023 at 10:22 AM Tamás Cservenák 
wrote:

> Henning, your do have open option to go:
>
> in inline-maven-project upgrade (buggy) maven-plugin-plugin 3.6.2 (suffers
> from https://issues.apache.org/jira/browse/MPLUGIN-382) to a more recent
> one.
>
> OTOH, this issue revealed a validation issue:
> - it relies on pluginDescriptor/dependencies to perform validation (that
> contains wrong entries due MPLUGIN-382)
> - we may want to validate the "reality" (plugin POM directly, instead of
> derived plugin descriptor that is built out of plugin POM at build time by
> maven-plugin-plugin, that may have bug as in this case)
>
> So, in this case we have an interesting situation:
> - your inline project POM is good
> - what is not good is bug in used m-plugin-p 3.6.2 (produces wrong plugin
> descriptor)
> - Maven 3.9.2 detects this (well, unwanted artifacts in there) and reports
> "plugin as wrong"
>
> Your option is to upgrade m-plugin-p to (possibly latest) version and
> release.
>
> Our option for the next Maven is probably to reconsider the data set we
> validate from.
>
> Thanks
> T
>
>
>
> On Fri, May 19, 2023 at 7:28 AM Henning Schmiedehausen <
> henn...@schmiedehausen.org> wrote:
>
>> From maven 3.9.2:
>>
>> [WARNING]  * org.basepom.maven:inline-maven-plugin:1.0.1
>> [WARNING]   Declared at location(s):
>> [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line
>> 145
>> [WARNING]   Used in module(s):
>> [WARNING]* org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml)
>> [WARNING]   Plugin issue(s):
>> [WARNING]* Plugin should declare these Maven artifacts in `*provided*`
>> scope: [
>>   org.apache.maven:maven-artifact:3.8.4,
>>   org.apache.maven:maven-settings-builder:3.8.4,
>>   org.apache.maven:maven-repository-metadata:3.8.4,
>>   org.apache.maven:maven-builder-support:3.8.4,
>>   org.apache.maven:maven-core:3.8.4,
>>   org.apache.maven:maven-resolver-provider:3.8.4,
>>   org.apache.maven:maven-settings:3.8.4,
>>   org.apache.maven:maven-plugin-api:3.8.4,
>>   org.apache.maven:maven-model-builder:3.8.4,
>>   org.apache.maven:maven-model:3.8.4]
>>
>>
>> From the plugin project itself, on the 1.0.1 tag:
>>
>> ❯ mvn dependency:list -pl :inline-maven-plugin | grep provided | sort
>> [...]
>> [INFO]org.apache.maven:maven-artifact:jar:3.8.4:*provided* -- module
>> maven.artifact (auto)
>> [INFO]

Re: [VOTE] Release Apache Maven Source Plugin version 3.3.0

2023-05-19 Thread Olivier Lamy

+1

On Thu, 18 May 2023 at 07:41, Slawomir Jaranowski
 wrote:
>
> Hi,
>
> We solved 7 issues:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317924=12346658
>
> There are still a couple of issues left in JIRA:
> https://issues.apache.org/jira/issues/?jql=project%20%3D%20MSOURCES%20AND%20resolution%20%3D%20Unresolved
>
> Staging repo:
> https://repository.apache.org/content/repositories/maven-1945/
> https://repository.apache.org/content/repositories/maven-1945/org/apache/maven/plugins/maven-source-plugin/3.3.0/maven-source-plugin-3.3.0-source-release.zip
>
> Source release checksum(s):
> maven-source-plugin-3.3.0-source-release.zip - SHA-512 :
> d1aec2a1069a1e46bb8240484f998991fdfd0ee0bf9eba17636b3a122b2508d370d19395ca945b891893359a240dbb5db894691c1e4fef0929f7ca400d20bbcf
>
> Staging site:
> https://maven.apache.org/plugins-archives/maven-source-plugin-LATEST/
>
> Guide to testing staged releases:
> https://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for at least 72 hours.
>
> [ ] +1
> [ ] +0
> [ ] -1
>
> --
> Sławomir Jaranowski

-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org

Re: maven 3.9.x warnings