Thanks Elliotte! But allow me a bit of a rant here: - You explicitly reported "on my personal and slightly more up to date MacBook [...] [the test fails, hence am -1 on release]". - Then it turns out, you use Maven 3.5.0 (from 2018, unmaintained). - Then it turns out, you use Java 8u172 (from 2018, obviously outdated as current Java 8 is u300-ish).
All this caused a huge pollution to the voting thread. Personally, I don't care what downstream developers use (outdated Maven and/or Java and even OS) to build their stuff, but "at the source", where we produce Maven and related libraries for downstream consumption, we should be REALLY up to date. This is in OUR favor, just to make sure all the known issues from our tools can be excluded (or if new issues found, easier to find them), as much as possible. Due this, am on edge to call a vote to: - set Maven parent POM to contain enforcer rule, allowing only "maintained" Maven versions (as per https://maven.apache.org/docs/history.html) - set Maven parent POM to contain enforcer rule for "sanely up to date" Java versions (unsure is it possible, but to prevent someone trying Java 8u5 or alike). , Simply put, if we cannot enforce downstream users, at least it should be us, Maven devs, who use sane versions of our tooling (to produce Maven libraries). T On Thu, Apr 27, 2023 at 1:46 AM Elliotte Rusty Harold <elh...@ibiblio.org> wrote: > After updating to openjdk version "1.8.0_372" > OpenJDK Runtime Environment (build 1.8.0_372-bre_2023_04_25_03_25-b00) > OpenJDK 64-Bit Server VM (build 25.372-b00, mixed mode) > > the tests now pass, so it does seem this is an issue with the JDK that > made the keystore being newish. Only an issue for tests, so I'll > upgrade my vote to +0 on this release. It would be nice to use a more > broadly compatible format for the keystore. Given that the password is > in clear text in the source code on Github, I'm truly not concerned > about a theoretically inferior crypto algorithm being used for this > file, but it's not a release blocker. > > On Wed, Apr 26, 2023 at 11:17 PM Elliotte Rusty Harold > <elh...@ibiblio.org> wrote: > > > > On Wed, Apr 26, 2023 at 11:06 PM Jeremy Landis <jeremylan...@hotmail.com> > wrote: > > > > > > Without knowing more details myself, couple of possibilities come to > mind... > > > > > > - Was keystore made with newer jdk? See > https://support.oracle.com/knowledge/More%20Applications%20and%20Technologies/2847060_1.html > . > > > - Was the keystore filtered? > > > > > > Gut tells me it’s the first issue given how old 1.8.0_172 is > (2018-04-17). > > > > > > > Sounds possible. On the same MacBook I see > > > > $ keytool -list -keystore > > > maven-resolver-transport-http/src/test/resources/ssl/server-store-selfsigned > > Enter keystore password: > > keytool error: java.io.IOException: Invalid keystore format > > > > -- > > Elliotte Rusty Harold > > elh...@ibiblio.org > > > > -- > Elliotte Rusty Harold > elh...@ibiblio.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > >
