Re: Next Maven prerequisite for Maven Plugins
I agree.. we should go to the best version of each 3.x release so 3.0.5 (anything below has a bunch of issues) 3.1.1 (3.1.0 was effectively broken and hopefully nobody uses it) For 3.2 we dont know what that is yet ;-) manfred Karl Heinz Marbaise wrote on 12.10.2014 06:25: > Hi Robert, > > from my point of view minimum to 3.0.5 ...nothing below...afterwards > 3.1.1.and then 3.2.1...the latest releases from the appropriate > release lines 3.0.X, 3.1.X, 3.2.X, > > I wouldn't go to 3.1.0 at the moment cause that could be > confusingfrom user point of view...than there is a gap... > > 2.2.1 > 3.1.1 > > From my side... > > Kind regards > Karl Heinz Marbaise > > > Hi, >> >> Right now we change the Maven prerequisite to 2.2.1 and I noticed some >> new issues which already want to move it forward to 3.0.4. I wonder why >> to move to this version. >> >> Most (API-)changes have been introduced with the 3.0 alpha and beta >> releases. I don't think that the other 3.0.x releases provide that much >> more changes. >> So I would say that changing the required Maven version would be 3.0. >> *If* we want to force users not to use 3.0.4 due to the CVE-2013-0253, >> we should say that 3.0.5 is the next required version of Maven. >> And I could go one step further: if we want to get rid of the >> compatibility overhead for Aether (Sonatype versus Eclipse) we should >> change it to 3.1.0 >> >> So I'd prefer to move forward to 3.0, maybe even to 3.1.0, but not to >> 3.0.4 unless there are better reasons then I mentioned above. >> >> Any other opinions? >> >> thanks, >> Robert > > Kind regards > Karl Heinz Marbaise > > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: Next Maven prerequisite for Maven Plugins
I would say if they are using M2e 1.4 and other older stuff they are fine to stick with older versions of Maven and Maven plugins as well. If they really want latest features and bug fixes they can either pay consultants to upgrade their environment or Maven committers to backport stuff for them. Or a mixture.. I very much think that using old stuff should be painful as a motivation to not use it ;-) manfred Anders Hammar wrote on 13.10.2014 12:03: >> >> this is the only change for 3.0.5: http://maven.apache.org/security.html >> bottom line: certificates are not checked. >> It's a serious security issue and for that reason I'd prefer 3.0.5 over >> 3.0.4 > > > Security issue or not, there are commercial IDEs out there (used by larger > companies) that include m2e 1.4.x or earlier, which is based on Maven > 3.0.4. Do we really want to disqualify those users? > > /Anders > > >> >> thanks, >> Robert >> >> Op Mon, 13 Oct 2014 07:48:11 +0200 schreef Anders Hammar < >> and...@hammar.net>: >> >> Personally I have a problem with a Maven 3.0.5 requirement. The reason is >>> that there are IDEs out there that is based on Maven 3.0.4. Also, IIRC >>> there was just a very minor (code wise) difference between Maven 3.0.5 and >>> 3.0.4, so requiring 3.0.5 (instead of 3.0.4) wouldn't give us much. >>> Having said that, I'm in favor of moving to a Maven 3.0 requirement. And >>> making that a 3.0.4 requirement is fine with me. >>> >>> /Anders >>> >>> On Sun, Oct 12, 2014 at 3:25 PM, Karl Heinz Marbaise >>> wrote: >>> >>> Hi Robert, from my point of view minimum to 3.0.5 ...nothing below...afterwards 3.1.1.and then 3.2.1...the latest releases from the appropriate release lines 3.0.X, 3.1.X, 3.2.X, I wouldn't go to 3.1.0 at the moment cause that could be confusingfrom user point of view...than there is a gap... 2.2.1 3.1.1 From my side... Kind regards Karl Heinz Marbaise > Hi, > Right now we change the Maven prerequisite to 2.2.1 and I noticed some > new issues which already want to move it forward to 3.0.4. I wonder why > to move to this version. > > Most (API-)changes have been introduced with the 3.0 alpha and beta > releases. I don't think that the other 3.0.x releases provide that much > more changes. > So I would say that changing the required Maven version would be 3.0. > *If* we want to force users not to use 3.0.4 due to the CVE-2013-0253, > we should say that 3.0.5 is the next required version of Maven. > And I could go one step further: if we want to get rid of the > compatibility overhead for Aether (Sonatype versus Eclipse) we should > change it to 3.1.0 > > So I'd prefer to move forward to 3.0, maybe even to 3.1.0, but not to > 3.0.4 unless there are better reasons then I mentioned above. > > Any other opinions? > > thanks, > Robert > > Kind regards Karl Heinz Marbaise - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org >> - >> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org >> For additional commands, e-mail: dev-h...@maven.apache.org >> >> > - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: Next Maven prerequisite for Maven Plugins
Le dimanche 12 octobre 2014 10:10:47 Benson Margulies a écrit : > On Sun, Oct 12, 2014 at 9:25 AM, Karl Heinz Marbaise wrote: > If, in > fact, no one is willing to make even a 3.0.x release, we should > 'unsupport' 3.0.x in the same way we unsupported 2.2.x. I'm willing to do a 3.0.6 release with a few backported updates: - MNG-5672: https for central - MNG-5477: "malformed POM" warning issued when no version in reporting section rationale: I have a case where we can't upgrade to 3.1+ due to Aether change that would require some server-side changes associated to plugins forced upgrade when moving to Maven 3.1+ In fact, one Maven version I wouldn't want to make a release is 3.1.x, since I don't know any reason for 3.1.x users not to switch to 3.2.x Regards, Hervé - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: Next Maven prerequisite for Maven Plugins
If eclipse usage survey is any indication, users tend to move to the latest eclipse version quite fast. I think it is okay to expect m2e 1.5 or better at this point. For actively developed codebases anyways. On October 13, 2014 3:03:21 PM EDT, Anders Hammar wrote: >> >> this is the only change for 3.0.5: >http://maven.apache.org/security.html >> bottom line: certificates are not checked. >> It's a serious security issue and for that reason I'd prefer 3.0.5 >over >> 3.0.4 > > >Security issue or not, there are commercial IDEs out there (used by >larger >companies) that include m2e 1.4.x or earlier, which is based on Maven >3.0.4. Do we really want to disqualify those users? > >/Anders > > >> >> thanks, >> Robert >> >> Op Mon, 13 Oct 2014 07:48:11 +0200 schreef Anders Hammar < >> and...@hammar.net>: >> >> Personally I have a problem with a Maven 3.0.5 requirement. The >reason is >>> that there are IDEs out there that is based on Maven 3.0.4. Also, >IIRC >>> there was just a very minor (code wise) difference between Maven >3.0.5 and >>> 3.0.4, so requiring 3.0.5 (instead of 3.0.4) wouldn't give us much. >>> Having said that, I'm in favor of moving to a Maven 3.0 requirement. >And >>> making that a 3.0.4 requirement is fine with me. >>> >>> /Anders >>> >>> On Sun, Oct 12, 2014 at 3:25 PM, Karl Heinz Marbaise > >>> wrote: >>> >>> Hi Robert, from my point of view minimum to 3.0.5 ...nothing >below...afterwards 3.1.1.and then 3.2.1...the latest releases from the appropriate release lines 3.0.X, 3.1.X, 3.2.X, I wouldn't go to 3.1.0 at the moment cause that could be confusingfrom user point of view...than there is a gap... 2.2.1 3.1.1 From my side... Kind regards Karl Heinz Marbaise > Hi, > Right now we change the Maven prerequisite to 2.2.1 and I noticed >some > new issues which already want to move it forward to 3.0.4. I >wonder why > to move to this version. > > Most (API-)changes have been introduced with the 3.0 alpha and >beta > releases. I don't think that the other 3.0.x releases provide that >much > more changes. > So I would say that changing the required Maven version would be >3.0. > *If* we want to force users not to use 3.0.4 due to the >CVE-2013-0253, > we should say that 3.0.5 is the next required version of Maven. > And I could go one step further: if we want to get rid of the > compatibility overhead for Aether (Sonatype versus Eclipse) we >should > change it to 3.1.0 > > So I'd prefer to move forward to 3.0, maybe even to 3.1.0, but not >to > 3.0.4 unless there are better reasons then I mentioned above. > > Any other opinions? > > thanks, > Robert > > Kind regards Karl Heinz Marbaise >- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org >> - >> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org >> For additional commands, e-mail: dev-h...@maven.apache.org >> >> -- Sent from my Android device with K-9 Mail. Please excuse my brevity. - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: Next Maven prerequisite for Maven Plugins
> > this is the only change for 3.0.5: http://maven.apache.org/security.html > bottom line: certificates are not checked. > It's a serious security issue and for that reason I'd prefer 3.0.5 over > 3.0.4 Security issue or not, there are commercial IDEs out there (used by larger companies) that include m2e 1.4.x or earlier, which is based on Maven 3.0.4. Do we really want to disqualify those users? /Anders > > thanks, > Robert > > Op Mon, 13 Oct 2014 07:48:11 +0200 schreef Anders Hammar < > and...@hammar.net>: > > Personally I have a problem with a Maven 3.0.5 requirement. The reason is >> that there are IDEs out there that is based on Maven 3.0.4. Also, IIRC >> there was just a very minor (code wise) difference between Maven 3.0.5 and >> 3.0.4, so requiring 3.0.5 (instead of 3.0.4) wouldn't give us much. >> Having said that, I'm in favor of moving to a Maven 3.0 requirement. And >> making that a 3.0.4 requirement is fine with me. >> >> /Anders >> >> On Sun, Oct 12, 2014 at 3:25 PM, Karl Heinz Marbaise >> wrote: >> >> Hi Robert, >>> >>> from my point of view minimum to 3.0.5 ...nothing below...afterwards >>> 3.1.1.and then 3.2.1...the latest releases from the appropriate >>> release >>> lines 3.0.X, 3.1.X, 3.2.X, >>> >>> I wouldn't go to 3.1.0 at the moment cause that could be >>> confusingfrom >>> user point of view...than there is a gap... >>> >>> 2.2.1 >>> 3.1.1 >>> >>> From my side... >>> >>> Kind regards >>> Karl Heinz Marbaise >>> >>> > Hi, >>> >>> Right now we change the Maven prerequisite to 2.2.1 and I noticed some new issues which already want to move it forward to 3.0.4. I wonder why to move to this version. Most (API-)changes have been introduced with the 3.0 alpha and beta releases. I don't think that the other 3.0.x releases provide that much more changes. So I would say that changing the required Maven version would be 3.0. *If* we want to force users not to use 3.0.4 due to the CVE-2013-0253, we should say that 3.0.5 is the next required version of Maven. And I could go one step further: if we want to get rid of the compatibility overhead for Aether (Sonatype versus Eclipse) we should change it to 3.1.0 So I'd prefer to move forward to 3.0, maybe even to 3.1.0, but not to 3.0.4 unless there are better reasons then I mentioned above. Any other opinions? thanks, Robert >>> Kind regards >>> Karl Heinz Marbaise >>> >>> >>> - >>> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org >>> For additional commands, e-mail: dev-h...@maven.apache.org >>> >>> > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > >
Re: Next Maven prerequisite for Maven Plugins
Op Sun, 12 Oct 2014 16:10:47 +0200 schreef Benson Margulies : On Sun, Oct 12, 2014 at 9:25 AM, Karl Heinz Marbaise wrote: Hi Robert, from my point of view minimum to 3.0.5 ...nothing below...afterwards 3.1.1.and then 3.2.1...the latest releases from the appropriate release lines 3.0.X, 3.1.X, 3.2.X, I wouldn't go to 3.1.0 at the moment cause that could be confusingfrom user point of view...than there is a gap... 2.2.1 3.1.1 From my side... Here's what I _think_ is going on here. Two issues. First, Maven 3.0 was a bit of a camel; there are a number of issues with how Aether and such are plugged in that lead to problems in plugin development. Witness the mess in the dependency plugin as it tried/tries to straddle. So, there's a desire to pull the floor up on the plugins in the hopes of getting to the point where, in general, plugin developers are dealing with a rationalized view of artifacts, dependencies, the like. I agree that we underestimated the impact of changing from Sonatypes Aether to Eclipses Aether. It has happened and all plugins related have now been fixed for both Aether versions. So we're kind of okay here, though this part will stay tricky (for committers and contributors) as long as we need to support both Aether version Second. this group made a decision to stop supporting Maven 2.x core, period. So, it seemed that a reasonable sequel to that was to pull the floor up to, at least, the lowest supported version of the core. Is anyone here committed to making 3.0 alpha-x bugfix releases? No; at most, someone might be willing to make another 3.0.x. So requiring 3.0.x to get new versions of plugins makes logical sense to me. If, in fact, no one is willing to make even a 3.0.x release, we should 'unsupport' 3.0.x in the same way we unsupported 2.2.x. I'm not _advocating_ here. I agree that is should be the lowest, i.e. 3.0.x plugins should be able to run with 3.0 and above. In fact 2.2.1 could also be called the lowest since we marked 2.2.0 as an corrupt/invalid release. thanks, Robert Kind regards Karl Heinz Marbaise Hi, Right now we change the Maven prerequisite to 2.2.1 and I noticed some new issues which already want to move it forward to 3.0.4. I wonder why to move to this version. Most (API-)changes have been introduced with the 3.0 alpha and beta releases. I don't think that the other 3.0.x releases provide that much more changes. So I would say that changing the required Maven version would be 3.0. *If* we want to force users not to use 3.0.4 due to the CVE-2013-0253, we should say that 3.0.5 is the next required version of Maven. And I could go one step further: if we want to get rid of the compatibility overhead for Aether (Sonatype versus Eclipse) we should change it to 3.1.0 So I'd prefer to move forward to 3.0, maybe even to 3.1.0, but not to 3.0.4 unless there are better reasons then I mentioned above. Any other opinions? thanks, Robert Kind regards Karl Heinz Marbaise - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: Next Maven prerequisite for Maven Plugins
Anders, this is the only change for 3.0.5: http://maven.apache.org/security.html bottom line: certificates are not checked. It's a serious security issue and for that reason I'd prefer 3.0.5 over 3.0.4 thanks, Robert Op Mon, 13 Oct 2014 07:48:11 +0200 schreef Anders Hammar : Personally I have a problem with a Maven 3.0.5 requirement. The reason is that there are IDEs out there that is based on Maven 3.0.4. Also, IIRC there was just a very minor (code wise) difference between Maven 3.0.5 and 3.0.4, so requiring 3.0.5 (instead of 3.0.4) wouldn't give us much. Having said that, I'm in favor of moving to a Maven 3.0 requirement. And making that a 3.0.4 requirement is fine with me. /Anders On Sun, Oct 12, 2014 at 3:25 PM, Karl Heinz Marbaise wrote: Hi Robert, from my point of view minimum to 3.0.5 ...nothing below...afterwards 3.1.1.and then 3.2.1...the latest releases from the appropriate release lines 3.0.X, 3.1.X, 3.2.X, I wouldn't go to 3.1.0 at the moment cause that could be confusingfrom user point of view...than there is a gap... 2.2.1 3.1.1 From my side... Kind regards Karl Heinz Marbaise > Hi, Right now we change the Maven prerequisite to 2.2.1 and I noticed some new issues which already want to move it forward to 3.0.4. I wonder why to move to this version. Most (API-)changes have been introduced with the 3.0 alpha and beta releases. I don't think that the other 3.0.x releases provide that much more changes. So I would say that changing the required Maven version would be 3.0. *If* we want to force users not to use 3.0.4 due to the CVE-2013-0253, we should say that 3.0.5 is the next required version of Maven. And I could go one step further: if we want to get rid of the compatibility overhead for Aether (Sonatype versus Eclipse) we should change it to 3.1.0 So I'd prefer to move forward to 3.0, maybe even to 3.1.0, but not to 3.0.4 unless there are better reasons then I mentioned above. Any other opinions? thanks, Robert Kind regards Karl Heinz Marbaise - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: Next Maven prerequisite for Maven Plugins
Robert Scholte wrote: > Hi, > > Right now we change the Maven prerequisite to 2.2.1 and I noticed some new > issues which already want to move it forward to 3.0.4. I wonder why to > move to this version. > > Most (API-)changes have been introduced with the 3.0 alpha and beta > releases. I don't think that the other 3.0.x releases provide that much > more changes. > So I would say that changing the required Maven version would be 3.0. > *If* we want to force users not to use 3.0.4 due to the CVE-2013-0253, we > should say that 3.0.5 is the next required version of Maven. > And I could go one step further: if we want to get rid of the > compatibility overhead for Aether (Sonatype versus Eclipse) we should > change it to 3.1.0 > > So I'd prefer to move forward to 3.0, maybe even to 3.1.0, but not to > 3.0.4 unless there are better reasons then I mentioned above. > > Any other opinions? That's the point we always feared, because as long MNG-5207 is not solved, Maven 2.2.1 is the last version that produces for us reliable results at all. - Jörg - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: Next Maven prerequisite for Maven Plugins
Personally I have a problem with a Maven 3.0.5 requirement. The reason is that there are IDEs out there that is based on Maven 3.0.4. Also, IIRC there was just a very minor (code wise) difference between Maven 3.0.5 and 3.0.4, so requiring 3.0.5 (instead of 3.0.4) wouldn't give us much. Having said that, I'm in favor of moving to a Maven 3.0 requirement. And making that a 3.0.4 requirement is fine with me. /Anders On Sun, Oct 12, 2014 at 3:25 PM, Karl Heinz Marbaise wrote: > Hi Robert, > > from my point of view minimum to 3.0.5 ...nothing below...afterwards > 3.1.1.and then 3.2.1...the latest releases from the appropriate release > lines 3.0.X, 3.1.X, 3.2.X, > > I wouldn't go to 3.1.0 at the moment cause that could be confusingfrom > user point of view...than there is a gap... > > 2.2.1 > 3.1.1 > > From my side... > > Kind regards > Karl Heinz Marbaise > > > Hi, > >> >> Right now we change the Maven prerequisite to 2.2.1 and I noticed some >> new issues which already want to move it forward to 3.0.4. I wonder why >> to move to this version. >> >> Most (API-)changes have been introduced with the 3.0 alpha and beta >> releases. I don't think that the other 3.0.x releases provide that much >> more changes. >> So I would say that changing the required Maven version would be 3.0. >> *If* we want to force users not to use 3.0.4 due to the CVE-2013-0253, >> we should say that 3.0.5 is the next required version of Maven. >> And I could go one step further: if we want to get rid of the >> compatibility overhead for Aether (Sonatype versus Eclipse) we should >> change it to 3.1.0 >> >> So I'd prefer to move forward to 3.0, maybe even to 3.1.0, but not to >> 3.0.4 unless there are better reasons then I mentioned above. >> >> Any other opinions? >> >> thanks, >> Robert >> > > Kind regards > Karl Heinz Marbaise > > > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > >
Re: Next Maven prerequisite for Maven Plugins
Am 2014-10-12 um 16:10 schrieb Benson Margulies: On Sun, Oct 12, 2014 at 9:25 AM, Karl Heinz Marbaise wrote: Hi Robert, from my point of view minimum to 3.0.5 ...nothing below...afterwards 3.1.1.and then 3.2.1...the latest releases from the appropriate release lines 3.0.X, 3.1.X, 3.2.X, I wouldn't go to 3.1.0 at the moment cause that could be confusingfrom user point of view...than there is a gap... 2.2.1 3.1.1 From my side... Here's what I _think_ is going on here. Two issues. First, Maven 3.0 was a bit of a camel; there are a number of issues with how Aether and such are plugged in that lead to problems in plugin development. Witness the mess in the dependency plugin as it tried/tries to straddle. So, there's a desire to pull the floor up on the plugins in the hopes of getting to the point where, in general, plugin developers are dealing with a rationalized view of artifacts, dependencies, the like. Second. this group made a decision to stop supporting Maven 2.x core, period. So, it seemed that a reasonable sequel to that was to pull the floor up to, at least, the lowest supported version of the core. Is anyone here committed to making 3.0 alpha-x bugfix releases? No; at most, someone might be willing to make another 3.0.x. So requiring 3.0.x to get new versions of plugins makes logical sense to me. If, in fact, no one is willing to make even a 3.0.x release, we should 'unsupport' 3.0.x in the same way we unsupported 2.2.x. I'm not _advocating_ here. +2 I have started a discussion here several months ago and all upcoming releaes of 3.0.x and 3.1.x have been removed from MNG by me. I second your opinion, Karl Heinz should complete 2.2.1 upgrade for plugins and some time later (e.g. 2015-01) we should announce EOL of 3.0.x. Sthis would make split code for Aether and probably other issues way easier. Michael - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: Next Maven prerequisite for Maven Plugins
On Sun, Oct 12, 2014 at 9:25 AM, Karl Heinz Marbaise wrote: > Hi Robert, > > from my point of view minimum to 3.0.5 ...nothing below...afterwards > 3.1.1.and then 3.2.1...the latest releases from the appropriate release > lines 3.0.X, 3.1.X, 3.2.X, > > I wouldn't go to 3.1.0 at the moment cause that could be confusingfrom > user point of view...than there is a gap... > > 2.2.1 > 3.1.1 > > From my side... Here's what I _think_ is going on here. Two issues. First, Maven 3.0 was a bit of a camel; there are a number of issues with how Aether and such are plugged in that lead to problems in plugin development. Witness the mess in the dependency plugin as it tried/tries to straddle. So, there's a desire to pull the floor up on the plugins in the hopes of getting to the point where, in general, plugin developers are dealing with a rationalized view of artifacts, dependencies, the like. Second. this group made a decision to stop supporting Maven 2.x core, period. So, it seemed that a reasonable sequel to that was to pull the floor up to, at least, the lowest supported version of the core. Is anyone here committed to making 3.0 alpha-x bugfix releases? No; at most, someone might be willing to make another 3.0.x. So requiring 3.0.x to get new versions of plugins makes logical sense to me. If, in fact, no one is willing to make even a 3.0.x release, we should 'unsupport' 3.0.x in the same way we unsupported 2.2.x. I'm not _advocating_ here. > > Kind regards > Karl Heinz Marbaise > >> Hi, >> >> >> Right now we change the Maven prerequisite to 2.2.1 and I noticed some >> new issues which already want to move it forward to 3.0.4. I wonder why >> to move to this version. >> >> Most (API-)changes have been introduced with the 3.0 alpha and beta >> releases. I don't think that the other 3.0.x releases provide that much >> more changes. >> So I would say that changing the required Maven version would be 3.0. >> *If* we want to force users not to use 3.0.4 due to the CVE-2013-0253, >> we should say that 3.0.5 is the next required version of Maven. >> And I could go one step further: if we want to get rid of the >> compatibility overhead for Aether (Sonatype versus Eclipse) we should >> change it to 3.1.0 >> >> So I'd prefer to move forward to 3.0, maybe even to 3.1.0, but not to >> 3.0.4 unless there are better reasons then I mentioned above. >> >> Any other opinions? >> >> thanks, >> Robert > > > Kind regards > Karl Heinz Marbaise > > > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: Next Maven prerequisite for Maven Plugins
Hi Robert, from my point of view minimum to 3.0.5 ...nothing below...afterwards 3.1.1.and then 3.2.1...the latest releases from the appropriate release lines 3.0.X, 3.1.X, 3.2.X, I wouldn't go to 3.1.0 at the moment cause that could be confusingfrom user point of view...than there is a gap... 2.2.1 3.1.1 From my side... Kind regards Karl Heinz Marbaise > Hi, Right now we change the Maven prerequisite to 2.2.1 and I noticed some new issues which already want to move it forward to 3.0.4. I wonder why to move to this version. Most (API-)changes have been introduced with the 3.0 alpha and beta releases. I don't think that the other 3.0.x releases provide that much more changes. So I would say that changing the required Maven version would be 3.0. *If* we want to force users not to use 3.0.4 due to the CVE-2013-0253, we should say that 3.0.5 is the next required version of Maven. And I could go one step further: if we want to get rid of the compatibility overhead for Aether (Sonatype versus Eclipse) we should change it to 3.1.0 So I'd prefer to move forward to 3.0, maybe even to 3.1.0, but not to 3.0.4 unless there are better reasons then I mentioned above. Any other opinions? thanks, Robert Kind regards Karl Heinz Marbaise - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Next Maven prerequisite for Maven Plugins
Hi, Right now we change the Maven prerequisite to 2.2.1 and I noticed some new issues which already want to move it forward to 3.0.4. I wonder why to move to this version. Most (API-)changes have been introduced with the 3.0 alpha and beta releases. I don't think that the other 3.0.x releases provide that much more changes. So I would say that changing the required Maven version would be 3.0. *If* we want to force users not to use 3.0.4 due to the CVE-2013-0253, we should say that 3.0.5 is the next required version of Maven. And I could go one step further: if we want to get rid of the compatibility overhead for Aether (Sonatype versus Eclipse) we should change it to 3.1.0 So I'd prefer to move forward to 3.0, maybe even to 3.1.0, but not to 3.0.4 unless there are better reasons then I mentioned above. Any other opinions? thanks, Robert - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org