Op Sun, 12 Oct 2014 16:10:47 +0200 schreef Benson Margulies <bimargul...@gmail.com>:

On Sun, Oct 12, 2014 at 9:25 AM, Karl Heinz Marbaise <khmarba...@gmx.de> wrote:
Hi Robert,

from my point of view minimum to 3.0.5 ...nothing below...afterwards
3.1.1.....and then 3.2.1...the latest releases from the appropriate release
lines 3.0.X, 3.1.X, 3.2.X,....

I wouldn't go to 3.1.0 at the moment cause that could be confusing....from
user point of view...than there is a gap...

2.2.1
3.1.1

From my side...

Here's what I _think_ is going on here. Two issues.

First, Maven 3.0 was a bit of a camel; there are a number of issues
with how Aether and such are plugged in that lead to problems in
plugin development. Witness the mess in the dependency plugin as it
tried/tries to straddle. So, there's a desire to pull the floor up on
the plugins in the hopes of getting to the point where, in general,
plugin developers are dealing with a rationalized view of artifacts,
dependencies, the like.

I agree that we underestimated the impact of changing from Sonatypes Aether to Eclipses Aether. It has happened and all plugins related have now been fixed for both Aether versions. So we're kind of okay here, though this part will stay tricky (for committers and contributors) as long as we need to support both Aether version


Second. this group made a decision to stop supporting Maven 2.x core,
period. So, it seemed that a reasonable sequel to that was to pull the
floor up to, at least, the lowest supported version of the core. Is
anyone here committed to making 3.0 alpha-x bugfix releases? No; at
most, someone might be willing to make another 3.0.x. So requiring
3.0.x to get new versions of plugins makes logical sense to me. If, in
fact, no one is willing to make even a 3.0.x release, we should
'unsupport' 3.0.x in the same way we unsupported 2.2.x. I'm not
_advocating_ here.


I agree that is should be the lowest, i.e. 3.0.x plugins should be able to run with 3.0 and above. In fact 2.2.1 could also be called the lowest since we marked 2.2.0 as an corrupt/invalid release.

thanks,
Robert




Kind regards
Karl Heinz Marbaise

Hi,


Right now we change the Maven prerequisite to 2.2.1 and I noticed some
new issues which already want to move it forward to 3.0.4. I wonder why
to move to this version.

Most (API-)changes have been introduced with the 3.0 alpha and beta
releases. I don't think that the other 3.0.x releases provide that much
more changes.
So I would say that changing the required Maven version would be 3.0.
*If* we want to force users not to use 3.0.4 due to the CVE-2013-0253,
we should say that 3.0.5 is the next required version of Maven.
And I could go one step further: if we want to get rid of the
compatibility overhead for Aether (Sonatype versus Eclipse) we should
change it to 3.1.0

So I'd prefer to move forward to 3.0, maybe even to 3.1.0, but not to
3.0.4 unless there are better reasons then I mentioned above.

Any other opinions?

thanks,
Robert


Kind regards
Karl Heinz Marbaise


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org

Reply via email to