If eclipse usage survey is any indication, users tend to move to the latest eclipse version quite fast. I think it is okay to expect m2e 1.5 or better at this point. For actively developed codebases anyways.
On October 13, 2014 3:03:21 PM EDT, Anders Hammar <and...@hammar.net> wrote: >> >> this is the only change for 3.0.5: >http://maven.apache.org/security.html >> bottom line: certificates are not checked. >> It's a serious security issue and for that reason I'd prefer 3.0.5 >over >> 3.0.4 > > >Security issue or not, there are commercial IDEs out there (used by >larger >companies) that include m2e 1.4.x or earlier, which is based on Maven >3.0.4. Do we really want to disqualify those users? > >/Anders > > >> >> thanks, >> Robert >> >> Op Mon, 13 Oct 2014 07:48:11 +0200 schreef Anders Hammar < >> and...@hammar.net>: >> >> Personally I have a problem with a Maven 3.0.5 requirement. The >reason is >>> that there are IDEs out there that is based on Maven 3.0.4. Also, >IIRC >>> there was just a very minor (code wise) difference between Maven >3.0.5 and >>> 3.0.4, so requiring 3.0.5 (instead of 3.0.4) wouldn't give us much. >>> Having said that, I'm in favor of moving to a Maven 3.0 requirement. >And >>> making that a 3.0.4 requirement is fine with me. >>> >>> /Anders >>> >>> On Sun, Oct 12, 2014 at 3:25 PM, Karl Heinz Marbaise ><khmarba...@gmx.de> >>> wrote: >>> >>> Hi Robert, >>>> >>>> from my point of view minimum to 3.0.5 ...nothing >below...afterwards >>>> 3.1.1.....and then 3.2.1...the latest releases from the appropriate >>>> release >>>> lines 3.0.X, 3.1.X, 3.2.X,.... >>>> >>>> I wouldn't go to 3.1.0 at the moment cause that could be >>>> confusing....from >>>> user point of view...than there is a gap... >>>> >>>> 2.2.1 >>>> 3.1.1 >>>> >>>> From my side... >>>> >>>> Kind regards >>>> Karl Heinz Marbaise >>>> >>>> > Hi, >>>> >>>> >>>>> Right now we change the Maven prerequisite to 2.2.1 and I noticed >some >>>>> new issues which already want to move it forward to 3.0.4. I >wonder why >>>>> to move to this version. >>>>> >>>>> Most (API-)changes have been introduced with the 3.0 alpha and >beta >>>>> releases. I don't think that the other 3.0.x releases provide that >much >>>>> more changes. >>>>> So I would say that changing the required Maven version would be >3.0. >>>>> *If* we want to force users not to use 3.0.4 due to the >CVE-2013-0253, >>>>> we should say that 3.0.5 is the next required version of Maven. >>>>> And I could go one step further: if we want to get rid of the >>>>> compatibility overhead for Aether (Sonatype versus Eclipse) we >should >>>>> change it to 3.1.0 >>>>> >>>>> So I'd prefer to move forward to 3.0, maybe even to 3.1.0, but not >to >>>>> 3.0.4 unless there are better reasons then I mentioned above. >>>>> >>>>> Any other opinions? >>>>> >>>>> thanks, >>>>> Robert >>>>> >>>>> >>>> Kind regards >>>> Karl Heinz Marbaise >>>> >>>> >>>> >--------------------------------------------------------------------- >>>> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org >>>> For additional commands, e-mail: dev-h...@maven.apache.org >>>> >>>> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org >> For additional commands, e-mail: dev-h...@maven.apache.org >> >> -- Sent from my Android device with K-9 Mail. Please excuse my brevity. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org