Re: Publish Via the Central Portal

> We are also working on Maven 4, so today the plugin should be possible to > > use with the next Maven major version. > > As I remember nexus-staging-plugin can not be used with Maven 4. > > Can a new plugin be used with Maven 4? > > > > > > śr., 1 maj 2024 o

Re: Publish Via the Central Portal

Hey all. Thanks Romain for pointing out the thread for me. One issue is that Central publishers is a much larger set of folks than the Maven Dev group. Obviously there's lots of overlap, but as Romain said, creating a plugin is a thing that can be done independently. As we've been working towards

Re: [DISCUSS] Java version for Maven

th 3.x.x. > > Elliotte gave a good reason for this: There are two camps now (read: > > ALREADY). > > There is no reason to not go with either of them. > > > > Am Do., 22. Feb. 2024 um 19:56 Uhr schrieb Brian Fox >: > > > > > > We dumped 30 days b

Re: [DISCUSS] Java version for Maven

: > > > > > > > Howdy, > > > > > > > > Maven UA is created like this: > > > > > > > > > > > https://github.com/apache/maven/blob/master/maven-core/src/main/java/org/apache/maven/internal/aether/DefaultRepositorySystemSessio

Re: [DISCUSS] Java version for Maven

Hi everyone. I haven't caught up on this thread but Tamas pinged me to get some usage data from Central. Attached are the Maven versions and JDK Version counts as reported by User Agent by distinct IP for the last 30 days: On Wed, Feb 21, 2024 at 4:15 PM Hunter C Payne wrote: > I also want

Re: Feature Request: Add CPE String to pom.xml

Hi Sebastian, The challenge is that CPE as a coordinate system doesn’t have enough specificity to match artifacts. It has organization/product/version and therefore doesn’t have the ability to capture sub module. This is what leads to most of the mismatch issues seen in CVE based tools (but not al

CVE-2021-26291: Apache Maven: block repositories using http by default

Apache Maven may follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Mav

Re: [VOTE] Release Apache Maven version 3.8.0

I'm +1. If the worst thing we can find to worry about is the version number 3.7, 3.8, then it seems like we're close enough. On Wed, Mar 24, 2021 at 3:11 AM Romain Manni-Bucau wrote: > > +0 cause of the versioning which is unexpected (but you know what? since it > is a git tag we can drop it and

Re: [VOTE] Release Apache Maven version 3.8.0

The CVE is for documentation and the hardening of default behavior, it's not your typical zero day. On Mon, Mar 22, 2021 at 10:53 PM Gary Gregory wrote: > > You are acknowledging a CVE _before_ a release? > > Gary > > > On Mon, Mar 22, 2021, 15:40 Robert Scholte wrote: > > > Hi, > > > > For the

Re: uploading to central via ossrh is problematic

y to maintain some oss stuff. > Moreover, I initially thought that OSSRH timeout was not 'just' a Sonatype > issue even if Sonatype is the operator of central & OSSRH (and I thank you > for that). I saw it as a community problem and thus I just wanted to have > some feedback

Re: uploading to central via ossrh is problematic

Hi Matthieu, I think continuing the conversation on your existing ossrh ticket is the right place to resolve this. While it seems like you're having recurring issues, it's not occurring across the entire system so we need to figure out what the unique issue is. --Brian Cofounder & CTO Sonatype On

Re: Moving hashes (checksums) forward

l with #2 > > #2 can't be done w/o careful planning. That's clear. > Who's the right contact at Sonatype? Brian Fox? > > > > On 31-5-2020 16:58:58, Michael Osipov wrote: > > Folks, > > > > I have been recently (indirectly) approached by Mark Thom

Deprecating HTTP access to Central

Last year, we deprecated old and insecure TLS protocols on Central to make access more secure. This year, we're moving things forward again by deprecating and later removing access to insecure by default HTTP access. Right now this affects less than 20% of the traffic hitting Central. To find out

[Notice] Java 6 and 7 users: TLS 1.1 being discontinued on Central

it along and we will include that as well. https://central.sonatype.org/articles/2018/May/04/discontinue-support-for-tlsv11-and-below/ --Brian Fox Apache Maven PMC CTO, Sonatype - To unsubscribe, e-mail: dev-unsubscr

Re: [VOTE] Release Maven Indexer 6.0.0

On Fri, Dec 1, 2017 at 3:19 AM, Andreas Sewe < s...@st.informatik.tu-darmstadt.de> wrote: > Olivier Lamy wrote: > > probably no issues for sure. > > I just don't know if we will be able to still download the index from > > central and use it with this new version > > TBH I haven't done any testing

Re: [VOTE] Release Maven Indexer 6.0.0

Eyeballing the list, most of the changes seem irrelevant to the central use case. Is there anything in here that matters for Central (and if so, what are the backwards compat implications?) On Thu, Nov 30, 2017 at 2:07 AM, Olivier Lamy wrote: > +1 > > I'm not clear if this new version will be us

Re: Maven JDeprScan Plugin

All set. On Sat, Oct 28, 2017 at 9:48 AM, Robert Scholte wrote: > Hi, > > I'd like to prepare an alpha release of the Maven JDeprScan Plugin > It is a wrapper around the jdeprscan tool[1], available since Java 9. > > You use the jdeprscan tool as a static analysis tool that scans a jar > file

Re: dependency:go-offline broken?

2017 at 7:53 AM, Benedikt Ritter wrote: > Hello Brain, > > > Am 26.09.2017 um 23:10 schrieb Brian Fox : > > > > On Mon, Sep 25, 2017 at 2:10 PM, Benedikt Ritter > wrote: > > > >> Hello Brian, > >> > >>> Am 20.09.2017 um 23:16 schrieb Bria

Re: dependency:go-offline broken?

On Mon, Sep 25, 2017 at 2:10 PM, Benedikt Ritter wrote: > Hello Brian, > > > Am 20.09.2017 um 23:16 schrieb Brian Fox : > > > > It's been a really long time, but I recall that there were issues getting > > the dependencies of plugins bound to the lifecycle. Th

Re: dependency:go-offline broken?

It's been a really long time, but I recall that there were issues getting the dependencies of plugins bound to the lifecycle. This looks to be the same problem. I think the documentation talked about a way to do this effectively. On Wed, Sep 20, 2017 at 4:48 PM, Benedikt Ritter wrote: > Hi, > >

Re: Maven BOF session @ JavaOne

Cool. I'll be there as well. On Sat, Jul 29, 2017 at 5:58 AM, Robert Scholte wrote: > Hi, > > Both my talk and the BOF have been accepted for JavaOne 2017. > I will host the BOF session together with Manfred Moser. > All are invited to join. > > > thanks, > Robert > > ---

index out of bounds 3.5 regression

I'm getting index out of bounds exceptions with 3.5 that don't occur with 3.3.9. I haven't debugged it yet, but wondering if this is already known? Fwiw reproducible with the DependencyCheck 2.0-snapshot master. [ERROR] 13978 java.lang.ArrayIndexOutOfBoundsException: 13978 at org.codehaus.plexus

Re: Silly Saturday idea - If Maven Central were a bunch of Git repos

Even more than redefining what Central does, you're effectively describing a new, unofficial java class packaging and distribution mechanism. This seems like it will violate signatures etc and make tracking of what you actually have a nightmare. On Tue, May 16, 2017 at 5:55 PM, Hervé BOUTEMY wrot

Jigsaw removes the ability for tools to help name transition

Robert and I wrote a bit previously [1] about the issues with the automodules in jigsaw (hint: they use only the filename to default a module which we've demonstrated is a terrible idea). There was a happy medium which would have allowed library developers to select a name before full modularizatio

Re: Fwd: How to name modules, automatic and otherwise

in the future. Maybe it would be good if all Apache project and > others > > that are going to publish modules start with using the full namespace in > > the module name. Problem is of course that the examples I saw so far all > do > > NOT do that so we will end up with a mes

Re: Fwd: How to name modules, automatic and otherwise

ild up the right practices before jigsaw takes off. > > -- > Regards, > Igor > > On Thu, Feb 16, 2017, at 01:11 PM, Brian Fox wrote: > > I generally agree the concerns were mostly ignored. Specifically the > > dangers in not carefully approaching and setting best practices

Re: Fwd: How to name modules, automatic and otherwise

ise > > Date: Thu, 16 Feb 2017 17:48:27 +0100 > > > > This note is in reply to the concerns about automatic modules raised by > > Robert Scholte and Brian Fox [1], and by Stephen Colebourne and others > > [2]. I've collected my conclusions here rather than in

Re: Unable to close staging repository on repository.apache.org

I looked a little closer, the servers are up and your key 843ddb767188601c is not there. Make sure you've published your key to the pgp servers and that you can search it from here: http://pool.sks-keyservers.net:11371/ On Thu, May 26, 2016 at 6:15 PM, Brian Fox wrote: > When this happe

Re: Unable to close staging repository on repository.apache.org

When this happens, it's a failure in the pgp key server ring and despite the fact that the ring is meant to distribute load, they all seem to go down at the same time. There isn't actually anything we can do on the rao side to make this work besides drop the staging rule that checks the key. I thin

Re: Jira access for new committer

Added simpligility to maven-dev On Wed, Jun 24, 2015 at 12:38 AM, Barrie Treloar wrote: > I've pinged Brian to have a look. - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@mav

Re: [VOTE] Add Manfred Moser as committer

+1 --mobile > On May 13, 2015, at 2:55 AM, Hervé BOUTEMY wrote: > > Hi, > > I'd like to introduce Manfred Moser as committer for the Apache Maven > project. > > He's working on Android Maven plugin for years, has great discussions both on > users and dev MLs, has a great attitude. > And he

Re: What binary repo for plexus?

d. > > The POMs for plexus currently points to OSSRH. Can anyone who has done > a release of a plexus component lately shed some light on where they > go? Either nexus.codehaus.org och OSSRH. > > > On Tue, Mar 10, 2015 at 6:28 PM, Brian Fox wrote: >> The current plan is t

Re: What binary repo for plexus?

The current plan is to continue running nexus.codehaus.org and then move stuff over to ossrh as needed. The ssl cert was just renewed and Bob said the DNS isn't going away immediately. We figure projects have enough other stuff to scurry around changing, Nexus doesn't have to be part of it at the s

Re: Maven Compat + Maven 3.0 Plugin Part 1: Mercury

On Sat, Mar 7, 2015 at 10:04 AM, Robert Scholte wrote: > Mercury? I guess some of it is now part of Aether, Mercury predates Aether. It was an attempt to update the artifact apis that was abandoned. (Unless the name is being reused as something new) --

Re: move maven core to java 7?

+1 On Thu, Mar 5, 2015 at 8:16 AM, Igor Fedorenko wrote: > This is chicken-and-egg situation. We won't use java 7 features unless > the code targets java 7. > > Try-with-resources and multi-exception catch are the too features I'd > like to start using throughout the code. Although not "critical"

Re: Abandoned bugs analysis

+1 close em... On Tue, Nov 25, 2014 at 4:22 PM, Jason van Zyl wrote: > I don't agree. This is a project, not a product and if no one looks at > something for 2 years then no one cares. We are not erasing the issues and if > someone does care enough to ask to reopen an issue then that's great. B

Re: Plexus Archiver / Plexus Components

Herve and I discussed moving the repos before splitting them, but it made sense to just go ahead and split it first because that was easier and quicker to pull off. If we can get them into an Apache repo, that makes sense. On Tue, Sep 2, 2014 at 3:48 AM, Benson Margulies wrote: > Note that we rec

Re: [VOTE] Maven 3.2.3 Release

+1 I did a few tests of various cases related to the new url for central and interactions with repo managers, everything looks ok. On Mon, Aug 11, 2014 at 5:24 PM, Jason van Zyl wrote: > +1 > > Analyzer... > > stagingUrl: https://repository.apache.org/content/repositories/maven-1046 > groupId: o

Re: Default to SSL

nd defaulting it later on? I think I'd be down >> for just switching cold turkey. >> >> On 11 Aug 2014, at 13:28, Brian Fox wrote: >> >>> https://repo.maven.apache.org is up now so we can flip to ssl when >>> ready. Is the consensus to get this into 3.2.3 or

Default to SSL

https://repo.maven.apache.org is up now so we can flip to ssl when ready. Is the consensus to get this into 3.2.3 or to wait for more time to test? We may want to consider switching the repository.apache.org url in our poms as well.

Re: plexus components

Hi Herve, this is all set. I didn't split any code but the new repos are available and added to the plexus team in github. We should have a discussion on where the proper hosting location for this really is. If we want to move this to the maven project, I would support that. On Fri, Aug 1, 2014 a

Re: Central and Man-in-the-middle

We are already in the process of making this open for free to everyone. Way back in 2012 the CDN situation was different but we just renewed the contract and and ssl is part of it. Once this is setup, we should consider changing the superpom to use ssl by default. Obviously doing something to vali

Re: Nexus is down?

n 2014-06-18, 9:13, Jason van Zyl wrote: >> >> Two times during the one hour window that I was trying to release that the >> service was not available. It was an Apache page but I assume Nexus wasn't >> running behind it or not responding. >> >> On Jun 18, 20

Re: Nexus is down?

https://issues.apache.org/jira/browse/INFRA-7915 On Wed, Jun 18, 2014 at 9:01 AM, Arnaud Héritier wrote: > When I noticed it was down on my side it was 503 errors > > > On Wed, Jun 18, 2014 at 2:57 PM, Brian Fox wrote: > >> I haven't received any alerts that it'

Re: Nexus is down?

I haven't received any alerts that it's been down although there are sporadic reports of timeouts. Did you receive a timeout, 502 or something else? Nexus is on shared vm hosts and shared disks and I suspect that some other guest is occasionally bursting and screwing up the io throughput. On Tue,

Re: [Maven 4.0.0] Removing ability for plugins to dynamically inject dependencies

On Fri, Apr 11, 2014 at 5:50 PM, Benson Margulies wrote: > On Fri, Apr 11, 2014 at 5:29 PM, Stephen Connolly > wrote: > > On 11 April 2014 22:10, Benson Margulies wrote: > > > >> > > >> > Fwiw, I don't recall the dependency plugin actually injecting stuff > into > >> > the project class path but

Re: [Maven 4.0.0] Removing ability for plugins to dynamically inject dependencies

> My proposal is strictly to prohibit a plugin from modifying a project's > classpath implicitly. That this become fully explicit such that I can > remove some of the convoluted logic in the core to account for this. > > Not allowing plugins to randomly inject new dependencies makes sense. I see so

Re: Model Version 5.0.0

On Sat, Nov 23, 2013 at 11:47 PM, Igor Fedorenko wrote: > The way I see it, what is deployed describes how the artifact needs to > be consumed. This is artifact's "public API", if you will, it will be > consumed by wide range of tools that resolve dependencies from Maven > repositories and descrip

Re: Submitting a new maven plugin..

Hi Laurent, this does look like an handy plugin. I could actually imagine these goals being added to the existing clean plugin and also think this could be pretty popular. What do others think? On Wed, Aug 7, 2013 at 2:39 AM, labtech.dev wrote: > Hi there, > > Please first excuse my poor english.

Re: [DISCUSS] On the Maven PMC roles... (was [DISCUSS] Should the Maven PMC be an example of how we want the Maven Community to behave...)

rds making it "official" > > Everyone else, > > Time to shout out if you have any issues / suggested improvements on the > content > > - Stephen > > On Friday, 2 August 2013, Stephen Connolly wrote: > >> On 2 August 2013 16:07, Brian Fox > 'cvml', 

Re: [DISCUSS] On the Maven PMC roles... (was [DISCUSS] Should the Maven PMC be an example of how we want the Maven Community to behave...)

On Aug 2, 2013, at 12:30 PM, Paul Benedict wrote: > I've stated from the beginning of this thread that it's impossible to > prevent someone from developing outside of Apache. I stand by that still. > That can't be prevented and any attempt will fail since it's not practical. > > If my words today

Re: [DISCUSS] On the Maven PMC roles... (was [DISCUSS] Should the Maven PMC be an example of how we want the Maven Community to behave...)

On Fri, Aug 2, 2013 at 12:10 PM, Stephen Connolly wrote: > So anyway, I now have this ultra whizzbang high performance logging API and > I am aware of some deficit in the logging performance of Maven, so I spin > up a private fork (it could be a hidden private fork, or it could be a > public one..

Re: [DISCUSS] On the Maven PMC roles... (was [DISCUSS] Should the Maven PMC be an example of how we want the Maven Community to behave...)

I think the bulk of this is pretty good. On the fork section, specifically: " As soon as changes in that fork are identified which should be brought back to the project those changes should be introduced into at least a branch hosted on the Apache Maven source control in order to facilitate the ea

Re: [DISCUSS] Should the Maven PMC be an example of how we want the Maven Community to behave (was Re: svn commit: r1506778 - /maven/site/trunk/content/markdown/project-roles.md)

> > There is at least one Maven Committer who has been maintaining a fork of > Maven for perhaps the greater part of a year. Is it really a fork? Or is it a superset? I think people throw around fork but is that really true? - To

Re: Older (archiva) binaries not in Central.

Chris, we can add this right to the apache nexus and it will be synced to Central. No need to do a one-off upload. Do you have a list of the exact files that are missing? On Thu, Jul 11, 2013 at 1:57 AM, Chris Graham wrote: > ok, cool. I will go and have a look. Thanks! > > -Chris > > > On Thu,

Re: Poposed Sandbox plugins - digest and gpg:signfiles

You mean releases that don't go to the standard release repo? Yes it's technically possible but it becomes a dangerous thin line between official release and one that bypasses the usual asf process. --mobile On Jun 22, 2013, at 8:07 PM, sebb wrote: > On 23 June 2013 01:00, Olivier Lamy wrote:

Re: [VOTE] Apache 3.1.0-alpha-1 (Take 4)

+1 On Sat, Jun 1, 2013 at 9:13 AM, Jason van Zyl wrote: > Here are the release bits for 3.1.0-alpha-1: > > Release notes: > https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500&version=18967 > > Staging repository: > https://repository.apache.org/content/repositories/maven-046/ > > S

Re: [VOTE] Release Maven Dependency Tree version 2.1

Yes that should do it. On Fri, May 3, 2013 at 3:20 AM, Mirko Friedenhagen wrote: > Hello Hervé, > > as an enduser, I just define this as a dependency to e.g. the > maven-dependency-plugin, right? > > Regards Mirko > -- > Sent from my mobile > On May 3, 2013 2:04 AM, "Hervé BOUTEMY" wrote: > >>

Re: [Vote #2] maven-dependency-plugin 2.7 AND maven-dependency-analyzer 1.4

+1 On Mon, Mar 11, 2013 at 1:04 PM, Henning Schmiedehausen < henn...@schmiedehausen.org> wrote: > +1 to release. > > Thanks, > Henning > > > > > On Mon, Mar 11, 2013 at 9:44 AM, John Casey > wrote: > > > Bump... > > > > Has this vote failed, then, or are we saying that all the +1's from the

Re: The next major release of Maven: 4.0.0

I don't think we should move to 4.0 because of this. The primary consumer of our systems are the end users and this change doesn't represent "api" breakage to them. If we make what appears to be such a large version change, that could scare off or confuse people who are just now warming up to 3.x.

Re: [Vote] maven-dependency-plugin 2.7 AND maven-dependency-analyzer 1.4

ot have this property > and did set permissions, so the new default is a backwards incompatible > change. Also this new property is not documented in the release notes: > http://jira.codehaus.org/secure/ReleaseNote.jspa?version=18926&styleName=Text&projectId=11214 > > -dai

Re: [Vote] maven-dependency-plugin 2.7 AND maven-dependency-analyzer 1.4

discussion following this message was related to a > different issue, unless I'm missing something in the issue details... > > What do we need to do to move forward with another vote? > > > On 3/6/13 3:22 PM, Brian Fox wrote: > >> -1 based on dain's discovery on permi

Re: [Vote] maven-dependency-plugin 2.7 AND maven-dependency-analyzer 1.4

I don't know for sure this field fixed the original issue. If it does, the go ahead and close it --mobile On Mar 6, 2013, at 5:37 PM, Olivier Lamy wrote: > 2013/3/6 Brian Fox : >> MDEP-391 introduced this problem, just committed a fix for it. > why not closing the issue ?

Re: [Vote] maven-dependency-plugin 2.7 AND maven-dependency-analyzer 1.4

MDEP-391 introduced this problem, just committed a fix for it. On Wed, Mar 6, 2013 at 4:22 PM, Brian Fox wrote: > -1 based on dain's discovery on permissions. > > > On Wed, Mar 6, 2013 at 10:15 AM, Olivier Lamy wrote: > >> +1 >> >> 2013/3/5 John Casey : &

Re: [Vote] maven-dependency-plugin 2.7 AND maven-dependency-analyzer 1.4

-1 based on dain's discovery on permissions. On Wed, Mar 6, 2013 at 10:15 AM, Olivier Lamy wrote: > +1 > > 2013/3/5 John Casey : > > Hi, > > > > This vote is for the Maven dependency plugin version 2.7, which also > > requires the release of Maven shared dependency analyzer version 1.4. > > > >

Re: [VOTE] formally end support for Maven 1

+1 On Sun, Mar 3, 2013 at 5:34 AM, Hervé BOUTEMY wrote: > +1 > > Regards, > > Hervé > > Le samedi 2 mars 2013 07:18:51 Benson Margulies a écrit : > > Based on the sentiment on the discussion thread, I call a formal vote > > to end support for Maven 1.x. This is a vote to: > > > > 1: Remove mave

Re: Desupport Maven 1

On Wed, Feb 27, 2013 at 10:56 AM, Benson Margulies wrote: > If someone else > wants to support it, they are welcome to do so elsewhere. > Or here through active participation. But while we don't have active committers supporting it, we should say so. Nothing stops us from doing more than the offi

Re: Desupport Maven 1

+1 and take if off the dist site. On Wed, Feb 27, 2013 at 10:42 AM, Benson Margulies wrote: > Are there any readers on this list who are prepared to respond to any > issues on Maven 1.x, especially, for example, security issues? Does > anyone know how to make a release? Unless that set is non-em

Re: [ANN] Apache Maven 3.0.5 released

Just wanted to bring this to the users list and ensure that those reading the release notes see the security alert for 3.0.4: CVE-2013-0253 Apache Maven Severity: Medium Vendor: The Apache Software Foundation Versions Affected: - Apache Maven 3.0.4 - Apache Maven Wagon 2.1, 2.2, 2.3 Descripti

Re: git commit: fixed typo

epository to encourage not to > use it. > > WDYT? > > Robert > > > Op Tue, 05 Feb 2013 00:02:47 +0100 schreef Hervé BOUTEMY < > herve.bout...@free.fr>: > > > good idea >> >> any objection? >> >> Regards, >> >> Hervé >&

Re: git commit: fixed typo

i'm on the fence about if this is good or not, but I think the option if provided should be simple-local-repository without the manager part. People already get confused about what's a local repo vs what's a repository manager and the mixing of these concepts here will make that worse. On Sat, Fe

Re: Passing State Between Plugin Executions

The enforcer plugin uses a static array to hold data between executions. On Wed, Jan 30, 2013 at 2:15 PM, Aaron Dixon wrote: > I am developing a plugin with "start" and "stop" goals to be executed > typically in pre-integration-test and post-integration-test phases, > respectively. > > For exam

Re: Top navbar on the site with fluido

+1 On Tue, Jan 1, 2013 at 6:42 AM, Anders Hammar wrote: > +1 > I think we should keep the old left-hand menu, like what we've done over at > Mojo. > > /Anders > > > On Sat, Dec 29, 2012 at 5:09 PM, Jesse Farinacci wrote: > > > Greetings, > > > > On Fri, Dec 28, 2012 at 11:21 PM, Kristian Rosen

Re: Getting Maven component and plugin releases to /dist -- space

On Sun, Dec 23, 2012 at 10:26 AM, Henk P. Penning wrote: > On Sun, 23 Dec 2012, Benson Margulies wrote: > > Date: Sun, 23 Dec 2012 15:26:18 +0100 >> From: Benson Margulies >> To: Henk P. Penning >> Cc: Maven Developers List , >> "infrastruct...@apache.org" >> >> Subject: Re: Getting Maven

Re: plugin source releases aren't copied to 'dist', can anyone dig up history?

Further to that, no one will ever consume maven plugins from a random dist folder anyway, so a policy that requires this is a paper policy only and would have no basis in the reality of how these particular projects are consumed. On Fri, Dec 21, 2012 at 1:18 PM, Brian Fox wrote: > The l

Re: plugin source releases aren't copied to 'dist', can anyone dig up history?

The last discussion of this required the production of proper source bundles for voting, which we created at that time. I don't recall there being any requirement that everything go onto dist. On Fri, Dec 21, 2012 at 10:57 AM, Benson Margulies wrote: > Dear fellow community members, > > The curr

Re: Logging

Great summary Benson, I agree with your assessments here. On Sun, Dec 16, 2012 at 12:16 PM, Benson Margulies wrote: > Since not much has been heard on the 'pick a logger' question for some > time, I'm going to stick my neck out and try to summarize some > aspects, in the hopes of discovering how

Re: Logback in Maven Core

On Tue, Dec 11, 2012 at 5:07 PM, Benson Margulies wrote: > > If we ever got that far, I would argue pretty strenuously against a > PMC-level rejection of something just based on being EPL. A class-B > license is a perfectly legitimate dependency. As would I. If we were talking about binding our

Re: Maven Core to Git

Didn't it used to be that way? (separate) On Tue, Nov 27, 2012 at 4:09 AM, Stephen Connolly < stephen.alan.conno...@gmail.com> wrote: > On 27 November 2012 08:41, Olivier Lamy wrote: > > > 2012/11/27 Brett Porter : > > > > > > On 27/11/2012, at 10:34 AM, Arnaud Héritier > wrote: > > > > > >> O

Re: [VOTE] Maven Indexer 5.1.0 Release (take 2)

+1 On Tue, Nov 20, 2012 at 2:15 PM, Tamás Cservenák wrote: > Hi, > > we'd like to release Maven Indexer 5.1.0. > > We fixed 7 issues: > > http://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=12112&version=18972 > > Staging repository: > https://repository.apache.org/content/repositories/ma

Re: [VOTE] Move Maven projects sources to git

I'm +1 On Tue, Sep 11, 2012 at 1:39 PM, Robert Scholte wrote: > I don't think it's IF we should move to git, but WHEN and now seems to be > the right time. > +1 > > Robert > > Op Tue, 11 Sep 2012 14:49:46 +0200 schreef Paul Gier : > > > +1, and I'm willing to volunteer if you still need more peo

Re: Why do the core its fail massively when using mirrorOf in settings.xml ?

There are lots of tests that are trying to use file based repositories for certain conditions. This is why in 2.0.9 I had added the external:* : external:* matches all repositories except those using localhost or file based repositories. This is used in conjunction with a repository manager when y

Re: Maven2 mirror @ netcologne

On Wed, Jul 25, 2012 at 4:19 PM, Brett Porter wrote: > On 26/07/2012, at 3:46 AM, Brian Fox wrote: > > > On Tue, Jul 24, 2012 at 7:16 PM, Brett Porter wrote: > > > >> > >> My understanding is that unfortunately Sonatype are not allowing anyone > >>

Re: Maven2 mirror @ netcologne

On Tue, Jul 24, 2012 at 7:16 PM, Brett Porter wrote: > > My understanding is that unfortunately Sonatype are not allowing anyone > else to mirror the content directly any more. > Ibiblio disabled the rsync on their own accord because it was thrashing their disks. Central is now on a CDN so para

Central is now being served from a CDN

Just over a year ago we evolved the Central architecture to be globally load balanced with 2 servers in the US and 2 more in the UK. This year, we've gone even futher to increase reliability and delivery performance. We evaluated several options and ultimately settled with Edgecast as the delivery

Re: Maven Central is probably blocked in China

Niclas, I'm told it's working now. Can you confirm? On Tue, Jul 10, 2012 at 1:11 PM, Brian Fox wrote: > The network team confirmed that this is only Unicom with the issue. They > are looking at alternate routes that would hopefully work. > > > On Mon, Jul 9, 2012 a

Re: Maven Central is probably blocked in China

for that service and don't have it. > > > Cheers > Niclas > > On Tue, Jul 10, 2012 at 1:58 AM, Brian Fox wrote: > > Niclas, > > We are seeing a lot of traffic to Central from China, so this certainly > > isn't a case of the Great Firewall blocking ever

Re: Maven Central is probably blocked in China

Niclas, We are seeing a lot of traffic to Central from China, so this certainly isn't a case of the Great Firewall blocking everything, rather it seems a little more localized. Can you send more more info about your source ip and geo location that we could use to see what's up? Possibly we can get

Re: RPMs for Maven 3?

Has anyone considered making an rpm/deb bundle that essentially contains a script which can fetch the associated tar.gz from the apache site and unpack it? It seems like this would be the best of both worlds. Hardly anything ever changes in the package, people get easy access to "sudo apt get inst

Re: Security trouble

On Wed, Mar 21, 2012 at 4:35 AM, Sascha Scholz wrote: > Hi, > > On Tue, Mar 20, 2012 at 11:28 PM, Olivier Lamy wrote: >> BTW do we consider adding a warning in 3.0.5 if id != host and fail in 3.0.6 >> or fail directly in 3.0.5 > > Why not deprecate the id entry then instead of forcing users to se

Re: Security trouble

On Tue, Mar 20, 2012 at 6:28 PM, Olivier Lamy wrote: > 2012/3/20 Brian Fox : >> On Tue, Mar 20, 2012 at 5:07 PM, Olivier Lamy wrote: >>> 2012/3/20 Brian Fox : >>>> On Tue, Mar 20, 2012 at 12:58 PM, Olivier Lamy  wrote: >>>> >>>>> Hell

Re: Security trouble

On Tue, Mar 20, 2012 at 5:07 PM, Olivier Lamy wrote: > 2012/3/20 Brian Fox : >> On Tue, Mar 20, 2012 at 12:58 PM, Olivier Lamy  wrote: >> >>> Hello Folks, >>> >>> The default preemptive on for GET is probably a bad idea. >>> Im

Re: Security trouble

On Tue, Mar 20, 2012 at 12:58 PM, Olivier Lamy  wrote: > Hello Folks, > > The default preemptive on for GET is probably a bad idea. > Imagine the following case, in your settings you have: > >     >      olamy >      reallycomplicatedpassword >      foo.org >     > > During dependencies resolution

Re: Artifact.isSnapshot definition

The second one looks right to me, this is what I've always used as reference[1] [1] http://www.sonatype.com/people/2008/05/maven-code-how-to-detect-if-you-have-a-snapshot-version/ On Mon, Feb 27, 2012 at 6:41 PM, Robert Scholte wrote: > A couple of issues of the release-plugin have to do with S

Re: Help me convincing Tomcat to use Maven

> > If Ant is their primary build tool, then I would suggest helping them > set up Ant to use Maven Ant Tasks as a starting point. That is a great > way of enabling an Ant build to deploy the artifacts into a Maven-style > repository. > I would second that. In fact Ant/Ivy both already deploy to Ne

Re: [CALL FOR TEST] Apache Maven 3.0.4-RC3 staged

30 minutes is a high enough value that I think we'll be ok. Thanks Olivier. On Tue, Dec 13, 2011 at 8:53 AM, Olivier Lamy wrote: > 2011/12/13 Brett Porter : >> >> On 13/12/2011, at 7:38 PM, Olivier Lamy wrote: >> >>> Le 13 décembre 2011 09:35, Arnaud Héritier a écrit : Olivier increased it

Re: [CALL FOR TEST] Apache Maven 3.0.4-RC3 staged

> Agree. > I will add it in release and complete documentation here: > http://maven.apache.org/guides/mini/guide-http-settings.html This seems like a pretty big change and not enough people will read that and start to freak out. If maven worked all this time with no read timeout, why change it no

Re: RC release naming (was Re: [VOTE] Apache Maven 3.0.4 (take 2) )

> Again I start a release process and produce a "candidate for release" > build with a naming 3.0.4 for 5 days vote. > Something failed, so it has been fixed and I restarted a vote with a > second "candidate for release" called 3.0.4 for 5 days vote. > (retagging etc ) > > What is the differenc

Re: [CANCELLED] [VOTE] Apache Maven 3.0.4 (take 2)

On Sun, Dec 4, 2011 at 3:37 AM, Olivier Lamy wrote: > Hello, > The vote is cancelled due to the issue found by Dan. > > I will restart a vote when a fix will be available. An RC candidate I hope... > > > > 2011/12/1 Olivier Lamy : >> Hello, >> >> I'd like to release Apache Maven 3.0.4 (take 2).

Re: [VOTE] Apache Maven 3.0.4 (take 2)

The RCs were started for a very specific reason, to improve the quality of our releases. Just breezing through this thread, there are clearly issues with memory and some other stuff here that may be bigger than we understand in this small testing surface. An RC build will get more eyes and either c

  1   2   3   4   5   6   7   >