[jira] (MNG-1977) Global dependency exclusions
[ https://jira.codehaus.org/browse/MNG-1977?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=342923#comment-342923 ] Oliver Siegmar commented on MNG-1977: - This issue and MNG-624 (which is even older) are two reasons why I switched to Gradle. > Global dependency exclusions > > > Key: MNG-1977 > URL: https://jira.codehaus.org/browse/MNG-1977 > Project: Maven 2 & 3 > Issue Type: New Feature > Components: POM >Reporter: Kees de Kooter > Fix For: Issues to be reviewed for 4.x > > Attachments: global_excls_it-test_v2.patch, > global_excls_it-test_v3.patch, global_excls_maven3_v2.patch, > global_excls_maven3_v3.patch > > > I depend on some libraries, which in turn depend on something > (which in turn depend on something) that I don't want, because I declare > some other artifact in my pom.xml. > A concrete example: I don't want that the artifact "xerces" is imported in > my project because I declare to depend on "xercesImpl" which ships newer > libraries but with the same namespaces. > I guess I would need an "exclude transitive dependency at all", either > globally or from this and that artifact. I saw the tag, but it > forces me to be very verbose and have exact control on what is required by a > dependency. -- This message was sent by Atlassian JIRA (v6.1.6#6162)
[jira] Created: (MEV-677) Remove or replace incorrect JSTL 1.2
Remove or replace incorrect JSTL 1.2 Key: MEV-677 URL: http://jira.codehaus.org/browse/MEV-677 Project: Maven Evangelism Issue Type: Bug Components: Problem with Jar Reporter: Oliver Siegmar Assignee: Brian Fox The JAR at http://repo1.maven.org/maven2/javax/servlet/jstl/1.2/jstl-1.2.jar (based on http://download.java.net/maven/1/javax.servlet.jsp.jstl/jars/jstl-1.2.jar) does not contain JSTL 1.2. The TLDs say that it is "JSTL 1.1". The correct version can be downloaded at http://jstl.java.net/download.html - http://download.java.net/maven/glassfish/javax/servlet/jsp/jstl/jstl-api/1.2/jstl-api-1.2.jar http://download.java.net/maven/glassfish/org/glassfish/web/jstl-impl/1.2/jstl-impl-1.2.jar If these jars cannot be uploaded to Maven Central, because of license issues, at least the wrong jars should be removed. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-553) Secure Storage of Server Passwords
[ http://jira.codehaus.org/browse/MNG-553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_96012 ] Oliver Siegmar commented on MNG-553: Also note, that at least Java6 has support for reading passwords without echoing it to the console - http://java.sun.com/javase/6/docs/api/java/io/Console.html > Secure Storage of Server Passwords > -- > > Key: MNG-553 > URL: http://jira.codehaus.org/browse/MNG-553 > Project: Maven 2 > Issue Type: Improvement >Affects Versions: 2.0-alpha-3 > Environment: Although it may not be relevant since this is a general > improvement issue, Windows XP, JDK 1.4.1. >Reporter: J. Michael McGarr >Priority: Critical > Fix For: 2.1.x > > > This was a question pose to the Maven User's Group and it was suggested I add > it here. > It would be benefitial to provide a more secure means of storing password's > to the servers listed in the .m2/settings.xml. They are currently being > stored as plain text and could definately be considered a security breach. > Numerous organizations would undoubtedly considered this an unacceptable > security risk, and this could prevent widespread adoption of Maven2. > I would suggest leaving an option to encrypt the password into the settings > file (more secure, but not foolproof) or even requiring the password to be > manually provided per build (would prevent automation of builds). I am sure > that there is a secure solution to this problem and it should be part of the > 2.0 release. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-1258) Add option to redownload poms
[ http://jira.codehaus.org/browse/MNG-1258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_96010 ] Oliver Siegmar commented on MNG-1258: - It should be completely forbidden, that a version (jar and pom) ever changes! This leads to very hard-to-reproduce problems if packages differ from one computer to another only because they have different versions of an archive. If a pom has to be updated, a new one should be created with an additional (packaging dependend) version field (version bumped from 1.0 to 1.0-1 for example). > Add option to redownload poms > - > > Key: MNG-1258 > URL: http://jira.codehaus.org/browse/MNG-1258 > Project: Maven 2 > Issue Type: Improvement > Components: Plugins and Lifecycle >Affects Versions: 2.0 (RC) >Reporter: Carlos Sanchez > Fix For: 2.1.x > > > Add an option to the command line to redownload the poms, so it's easy to get > the fixes in the remote repo. Something like -f , --refresh or whatever -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Created: (MAVENUPLOAD-1369) New PostgreSQL JDBC driver versions
New PostgreSQL JDBC driver versions --- Key: MAVENUPLOAD-1369 URL: http://jira.codehaus.org/browse/MAVENUPLOAD-1369 Project: maven-upload-requests Issue Type: Task Reporter: Oliver Siegmar http://www.siegmar.org/maven2/postgresql-8.0-318.jdbc3-bundle.jar http://www.siegmar.org/maven2/postgresql-8.1-408.jdbc3-bundle.jar http://www.siegmar.org/maven2/postgresql-8.2-504.jdbc3-bundle.jar http://www.siegmar.org/maven2/postgresql-8.2-504.jdbc4-bundle.jar http://jdbc.postgresql.org http://jdbc.postgresql.org/who.html -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MAVENUPLOAD-932) postgresql-8.1-407
[ http://jira.codehaus.org/browse/MAVENUPLOAD-932?page=comments#action_66715 ] Oliver Siegmar commented on MAVENUPLOAD-932: Forgot to mention that I'm NOT A DEVELOPER. The project url is http://jdbc.postgresql.org. > postgresql-8.1-407 > -- > > Key: MAVENUPLOAD-932 > URL: http://jira.codehaus.org/browse/MAVENUPLOAD-932 > Project: maven-upload-requests > Type: Task > Reporter: Oliver Siegmar > > > A new version (8.1-407) of the PostgreSQL JDBC driver. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Created: (MAVENUPLOAD-932) postgresql-8.1-407
postgresql-8.1-407 -- Key: MAVENUPLOAD-932 URL: http://jira.codehaus.org/browse/MAVENUPLOAD-932 Project: maven-upload-requests Type: Task Reporter: Oliver Siegmar A new version (8.1-407) of the PostgreSQL JDBC driver. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MEV-363) Spring 1.2.7 POMs Missing
[ http://jira.codehaus.org/browse/MEV-363?page=comments#action_65103 ] Oliver Siegmar commented on MEV-363: spring-full 1.2.7 is still missing > Spring 1.2.7 POMs Missing > - > > Key: MEV-363 > URL: http://jira.codehaus.org/browse/MEV-363 > Project: Maven Evangelism > Type: Bug > Components: Missing POM > Reporter: Stephen Duncan Jr > Assignee: Carlos Sanchez > Attachments: spring-poms-1.2.7.zip, spring-poms-1.2.7.zip > > > All Spring 1.2.7 jars need POMs added. POMs should be duplicates of Spring > 1.2.6 but with the following other MEV issues taken into account: > http://jira.codehaus.org/browse/MEV-316 and > http://jira.codehaus.org/browse/MEV-277 -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MAVENUPLOAD-880) org:acegisecurity:acegi-security-tiger-1.0.0-RC2 pom file missisng
[ http://jira.codehaus.org/browse/MAVENUPLOAD-880?page=comments#action_64901 ] Oliver Siegmar commented on MAVENUPLOAD-880: ...as well as for all other acegi 1.0.0 RC2 subprojects... > org:acegisecurity:acegi-security-tiger-1.0.0-RC2 pom file missisng > -- > > Key: MAVENUPLOAD-880 > URL: http://jira.codehaus.org/browse/MAVENUPLOAD-880 > Project: maven-upload-requests > Type: Task > Reporter: Ray Tsang > > > http://www.ibiblio.org/maven2/org/acegisecurity/acegi-security-tiger/1.0.0-RC2/ > pom file is missing -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira