Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-27 Thread Robert Scholte
k might be grammatically better: > > “Once the vote has passed, svn move to the release tree ” > > +1.5 non-binding :) > > > > > From: Hervé BOUTEMY > Reply: Maven Developers List > Date: 27 March 2021 at 2:19:48 PM > To: Maven Developers List > Subject: Re:

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-26 Thread Arnaud Héritier
> > +1.5 non-binding :) > > > > > From: Hervé BOUTEMY > Reply: Maven Developers List > Date: 27 March 2021 at 2:19:48 PM > To: Maven Developers List > Subject: Re: [VOTE] Release Apache Maven version 3.8.0 > > first pass of documentation

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-26 Thread Mark Derricutt
2021 at 2:19:48 PM To: Maven Developers List Subject: Re: [VOTE] Release Apache Maven version 3.8.0 first pass of documentation improvement done in github.com/apache/maven-site/commit/ec73b445adc7012e1384cf1b89af3f0a6f5eee17 please all review and see if anything you read may be mis-interpreted

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-26 Thread Hervé BOUTEMY
dist.apache.org/repos/dist/release/maven/maven–3/3.8.0/binaries/apache-mav > > en–3.8.0-bin.zip> > > > > < > > > > http://dist.apache.org/repos/dist/release/maven/maven%E2%80%933/3.8.0/bina > > ries/apache-maven%E2%80%933.8.0-bin.zip> > &

[CANCELLED] [VOTE] Release Apache Maven version 3.8.0

2021-03-26 Thread Robert Scholte
Based on the finding by Maarten I'll drop the release. We'll work on a new one. thanks, Robert On 22-3-2021 20:40:41, Robert Scholte wrote: Hi, For the details about this release, please read  https://maven.apache.org/docs/3.8.0/release-notes.html Also please provide feedback on the release not

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-26 Thread Robert Scholte
gt; > < > http://dist.apache.org/repos/dist/release/maven/maven%E2%80%933/3.8.0/binaries/apache-maven%E2%80%933.8.0-bin.zip > > > > > > > < > > > > http://dist.apache.org/repos/dist/release/maven/maven%E2%80%933/3.8.0/binaries/apache-maven%E2%80%933.8.0-b

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-26 Thread Olivier Lamy
p > > > > > > > < > > > > http://dist.apache.org/repos/dist/release/maven/maven%E2%80%933/3.8.0/binaries/apache-maven%E2%80%933.8.0-bin.zip > > > > > > > > > < > > > > > > > > > http://dist.apache.org/repos/

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-26 Thread Maxim Solodovnik
gt; > < > > http://dist.apache.org/repos/dist/release/maven/maven%E2%80%933/3.8.0/binaries/apache-maven%E2%80%933.8.0-bin.zip > > > > > > > < > > > > > > http://dist.apache.org/repos/dist/release/maven/maven%E2%80%933/3.8.0/binaries/apache-maven%E2%80%933.8.0-bin.zip > &g

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-26 Thread Guillaume Nodet
rg/repos/dist/release/maven/maven%E2%80%933/3.8.0/binaries/apache-maven%E2%80%933.8.0-bin.zip > > > > > > > > > > which doesn’t really highlight anywhere that this is a > staging/unreleased > > > version. > > > > > > Tho changing that pro

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-26 Thread Olivier Lamy
ight anywhere that this is a > staging/unreleased > > > version. > > > > > > Tho changing that probably won’t change too much here. > > > > > > *ponders* > > > > > > > > > > > > > > > From: Gary G

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-26 Thread Enrico Olivelli
where that this is a staging/unreleased > > > version. > > > > > > Tho changing that probably won’t change too much here. > > > > > > *ponders* > > > > > > > > > > > > > > > From: Gary Gregory > > > Re

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-26 Thread Maxim Solodovnik
pache-maven%E2%80%933.8.0-bin.zip > > > > > > > which doesn’t really highlight anywhere that this is a staging/unreleased > > version. > > > > Tho changing that probably won’t change too much here. > > > > *ponders* > > > > > > > &

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-25 Thread Olivier Lamy
t; > which doesn’t really highlight anywhere that this is a staging/unreleased > version. > > Tho changing that probably won’t change too much here. > > *ponders* > > > > > From: Gary Gregory > Reply: Maven Developers List > Date: 26 March 2021 at 2:13:05 P

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-25 Thread Mark Derricutt
ywhere that this is a staging/unreleased version. Tho changing that probably won’t change too much here. *ponders* From: Gary Gregory Reply: Maven Developers List Date: 26 March 2021 at 2:13:05 PM To: Maven Developers List Subject: Re: [VOTE] Release Apache Maven version 3.8.0 It's p

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-25 Thread Gary Gregory
m > > happy for a +1. > > > > Tho I wonder what the recourse would be if needing to respin the release > - > > 3.8.1 version bump or? > > > > Is there anyway to prevent this happening again? ( Probably off-thread > > replies would be best ). > > >

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-25 Thread Hervé BOUTEMY
I'm not worried about attempt to download: the issue you found proves that the value of the mirror url blocks anything, even if not really the ideal way but you're right that it's hard to understand from a user perspective... I just managed to fix the issue: https://github.com/apache/maven/commi

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-25 Thread Nick Stolwijk
this instance I’m > happy for a +1. > > Tho I wonder what the recourse would be if needing to respin the release - > 3.8.1 version bump or? > > Is there anyway to prevent this happening again? ( Probably off-thread > replies would be best ). > > Mark > > >

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-25 Thread Mark Derricutt
event this happening again? ( Probably off-thread replies would be best ). Mark From: Tibor Digana Reply: Maven Developers List Date: 26 March 2021 at 8:05:51 AM To: Maven Developers List Subject: Re: [VOTE] Release Apache Maven version 3.8.0 here is mine +1. The amount of work means more for

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-25 Thread Tibor Digana
here is mine +1. The amount of work means more for me than the version 3.7.0 we skipped. We can improve it in the future of course! Regarding the issues found with the Warning on the console, these issues can be fixed as always, right after. T On Mon, Mar 22, 2021 at 8:40 PM Robert Scholte wrote:

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-24 Thread Maarten Mulders
A 0-vote from my side. As far as I can tell, non-TLS repos are indeed blocked. That is the main reason for cutting this release, and it works, which is good. But if I understood Hervé correctly, the message that appears when Maven attempts download of an artifact over a non-TLS connection diff

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-24 Thread Gary Gregory
Whenever I have to explain to colleagues that Maven "burns" version numbers when a release candidate fails or some other obtuse reason, they are just as baffled as I am. In the end it does not matter it's just bizarre. Gary On Tue, Mar 23, 2021, 20:58 Olivier Lamy wrote: > +0 > Same reason as R

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-24 Thread Brian Fox
I'm +1. If the worst thing we can find to worry about is the version number 3.7, 3.8, then it seems like we're close enough. On Wed, Mar 24, 2021 at 3:11 AM Romain Manni-Bucau wrote: > > +0 cause of the versioning which is unexpected (but you know what? since it > is a git tag we can drop it and

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-24 Thread Romain Manni-Bucau
+0 cause of the versioning which is unexpected (but you know what? since it is a git tag we can drop it and recreate it since only the hash is used and not the name so we can do the 3.7.0 ;)). Romain Manni-Bucau @rmannibucau | Blog

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-23 Thread Hervé BOUTEMY
you know what? now that the tag is done, we can't revert :) Le mercredi 24 mars 2021, 01:58:19 CET Olivier Lamy a écrit : > +0 > Same reason as Ralph, the versioning seems weird to me. > I don't understand the reasoning of version number. Our version number > doesn't have to be managed by some twe

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-23 Thread Olivier Lamy
+0 Same reason as Ralph, the versioning seems weird to me. I don't understand the reasoning of version number. Our version number doesn't have to be managed by some tweet or google links. On Wed, 24 Mar 2021 at 09:17, Ralph Goers wrote: > If I were a user and expected the feature to be in 3.7.0

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-23 Thread Ralph Goers
If I were a user and expected the feature to be in 3.7.0 then I would certainly also expect it in 3.8.0. The only ways to avoid this are a) stay on 3.6.x.x until the feature is available, b) specifically say the promised features aren’t available yet. That said I’m +0 on the version numbering.

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-23 Thread Hervé BOUTEMY
after some review together, we identified that such basic error message happens when blocked HTTP repository is defined in build pom.xml Ideally, we would need an enhanced error message like it happens when HTTP repository is defined in a dependency POM Jira issue created for tracking that enhan

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-23 Thread Brian Fox
The CVE is for documentation and the hardening of default behavior, it's not your typical zero day. On Mon, Mar 22, 2021 at 10:53 PM Gary Gregory wrote: > > You are acknowledging a CVE _before_ a release? > > Gary > > > On Mon, Mar 22, 2021, 15:40 Robert Scholte wrote: > > > Hi, > > > > For the

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-22 Thread Hervé BOUTEMY
what "mvn" command are you running? can you send me the full logs, please? Regards, Hervé Le lundi 22 mars 2021, 22:00:31 CET Maarten Mulders a écrit : > Tested on a MacBook, set up a HTTP (non-TLS) repository, and removed a > part of my ~/.m2/repository. The missing artifacts are not downloaded

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-22 Thread Gary Gregory
You are acknowledging a CVE _before_ a release? Gary On Mon, Mar 22, 2021, 15:40 Robert Scholte wrote: > Hi, > > For the details about this release, please read > https://maven.apache.org/docs/3.8.0/release-notes.html > Also please provide feedback on the release notes. (as you know, these are

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-22 Thread Robert Scholte
There were enough tweets and conference talks were I demonstrated the idea behind build/consumer. Of course the audience wanted to hear a version, so the best possible answer was "most likely 3.7.0" First Google hit: Maven 3.7 to Include Default Wrapper - InfoQ[1] and you can find much more. Sev

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-22 Thread Maarten Mulders
Tested on a MacBook, set up a HTTP (non-TLS) repository, and removed a part of my ~/.m2/repository. The missing artifacts are not downloaded over HTTP, which is good: Downloading from maven-default-http-blocker: http://0.0.0.0/... Downloading from maven-default-http-blocker: http://0.0

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-22 Thread Arnaud Héritier
Well done team. Not yet tested, I'll vote later. About the release note the link to the Repository Order page is broken. I think it is because the link doesn't have the https:// pre

Re: [VOTE] Release Apache Maven version 3.8.0

2021-03-22 Thread Elliotte Rusty Harold
I'm a weak -1 on this, solely because I don't find the reasoning for not calling this 3.7.0 to be compelling. "Apache Maven 3.7.0 would be the first release where you could optionally activate the build/consumer feature. This version of this release has been renamed to 4.0.0. Reusing 3.7.0 might le

[VOTE] Release Apache Maven version 3.8.0

2021-03-22 Thread Robert Scholte
Hi, For the details about this release, please read  https://maven.apache.org/docs/3.8.0/release-notes.html Also please provide feedback on the release notes. (as you know, these are published separately from the release, so it doesn't have to block the release itself) We solved 5 issues: https