Re: fixing the list of artifacts in maven-metadata.xml

2018-03-06 Thread Anders Hammar
Right, the updateReleaseInfo param will IIRC just add the release being deployed to the list. Not rebuild old data. That's why you need Sonatype to fix old data and then the updateReleaseInfo param needs to be used for future releases (which should be the case if the release-profile profile from

Re: fixing the list of artifacts in maven-metadata.xml

2018-03-06 Thread Hervé BOUTEMY
thank you Anders: I think I'll create a MVNCENTRAL issue and report here to share experience on this common scenario On the updateReleaseInfo parameter of deploy plugin, I don't see how this can rebuild the versions list from the real content in the repository Regards, Hervé Le mardi 6 mars

Re: RFC: Maven to raise a notification if downloading vulnerable content

2018-03-06 Thread Hervé BOUTEMY
Hi, A few thoughts: - there are more than 2 repository providers: http://maven.apache.org/repository-management.html - issuing a warning only when *downloading* content that has a CVE IMHO won't really be efficient, given there is a local cache: if you miss the warning at first download,

Re: RFC: Maven to raise a notification if downloading vulnerable content

2018-03-06 Thread Peter Muryshkin
Hi, Chas, thanks for answering, absolutely! I see this as a comprehensive approach which cannot be done on just one side: - IETF to define a new header X-something or even HTTP response code standard i.e. "460 - Content generally known to be insecure" - Repository providers to implement issuing

New maintenance release of maven-install-plugin is required

2018-03-06 Thread Ianislav Trendafilov
Hello, There is an outstanding bug with maven-install-plugin , which was fixed 3 YEARS AGO, yet there is no new release of that plugin! https://issues.apache.org/jira/browse/MINSTALL-110 Please consider doing a maintenance release of the plugin including a the fix for that. Kind Regards,

Plans to release 3.0.0 of the ear plugin?

2018-03-06 Thread Jim Sellers
Hi all. Thanks for the hard work. I'm wondering if there are plans to release the ear plugin any time soon? I'm trying to mass test our java 9+ readiness without changing all the build plans to disable ear modules. I see 2 unresolved ticket there, but they are from 2015.

Re: RFC: Maven to raise a notification if downloading vulnerable content

2018-03-06 Thread Chas Honton
If you want the package repository to add the header, you will need to make your request to Sonatype (Nexus) and JFrog (Artifactory) Chas > On Mar 6, 2018, at 4:12 AM, Peter Muryshkin wrote: > > Hi, all, > > currently you can run OWASP dependency check plugin against

[ANN] Apache Maven Surefire Plugin 2.21.0 Released

2018-03-06 Thread Tibor Digana
The Apache Maven team is pleased to announce the release of the Apache Maven Surefire Plugin, version 2.21.0. The release contains 33 bug fixes. Again we received contributions from the community in form of bug reports and bug fixes. Thank you and keep them coming!

Re: [VOTE] Release Apache Maven Surefire Plugin version 2.20.1

2018-03-06 Thread Tibor Digana
Hello Gary, yes but my typo was corrected in the second e-mail. On Tue, Mar 6, 2018 at 5:16 PM, Gary Gregory wrote: > This thread has the wrong VERSION in its subject. > > Gary > > On Sat, Mar 3, 2018 at 4:42 AM, Tibor Digana > wrote: > > > Hi, >

Re: [VOTE] Release Apache Maven Surefire Plugin version 2.20.1

2018-03-06 Thread Tibor Digana
I will fix all mentioned issues above but this one. I only guess what has happened. So I need to have a log from Herve to make sure my guess is right. On Tue, Mar 6, 2018 at 3:38 PM, Eric Lilja wrote: > On 2018-03-06 14:27, Tibor Digana wrote: > >> >> Hi Herve, >>> >>> Can

Re: [VOTE] Release Apache Maven Surefire Plugin version 2.20.1

2018-03-06 Thread Gary Gregory
This thread has the wrong VERSION in its subject. Gary On Sat, Mar 3, 2018 at 4:42 AM, Tibor Digana wrote: > Hi, > > We solved 33 issues: > https://issues.apache.org/jira/secure/ReleaseNote.jspa? > projectId=12317927=12341630 > > There are still a couple of issues left

Re: [VOTE] Release Apache Maven Surefire Plugin version 2.20.1

2018-03-06 Thread Eric Lilja
On 2018-03-06 14:27, Tibor Digana wrote: Hi Herve, Can you send me a zip of the test which failed *surefire-its/target/Surefire1177TestngParallelSuitesIT_shouldRunTwoSuitesInParallel* ? It is a parallelism in TestNG. I will discuss it with the guys in TestNG team on GitHub. Thx. Tibor

Re: [RESULT] [VOTE] Release Apache Maven Surefire Plugin version 2.21.0

2018-03-06 Thread Enrico Olivelli
Great Thank you Enrico Il mar 6 mar 2018, 14:32 Tibor Digana ha scritto: > Hi, > > The vote has passed with the following result: > > +1 : Stephane Nicoll, Robert Scholte, Karl Heinz Marbaise, Olivier Lamy, > Enrico Olivelli, Hervé BOUTEMY, Tibor Digana > 0 : none > -1

Re: [VOTE] Release Apache Maven Surefire Plugin version 2.21.0

2018-03-06 Thread Tibor Digana
Thx Robert for your voice in the release vote. Cheers Tibor On Sun, Mar 4, 2018 at 3:47 PM, Robert Scholte wrote: > +1 > > On Sat, 03 Mar 2018 12:42:48 +0100, Tibor Digana > wrote: > > Hi, >> >> We solved 33 issues: >>

Re: [VOTE] Release Apache Maven Surefire Plugin version 2.20.1

2018-03-06 Thread Tibor Digana
Thx to everybody! On Tue, Mar 6, 2018 at 2:27 PM, Tibor Digana wrote: > +1 > > On Tue, Mar 6, 2018 at 10:26 AM, Tibor Digana > wrote: > >> Hi Herve, >> >> Can you send me a zip of the test which failed >>

[RESULT] [VOTE] Release Apache Maven Surefire Plugin version 2.21.0

2018-03-06 Thread Tibor Digana
Hi, The vote has passed with the following result: +1 : Stephane Nicoll, Robert Scholte, Karl Heinz Marbaise, Olivier Lamy, Enrico Olivelli, Hervé BOUTEMY, Tibor Digana 0 : none -1 : none. PMC quorum: accomplished. I will promote the artifacts to the central repository. Cheers Tibor

Re: [VOTE] Release Apache Maven Surefire Plugin version 2.20.1

2018-03-06 Thread Tibor Digana
+1 On Tue, Mar 6, 2018 at 10:26 AM, Tibor Digana wrote: > Hi Herve, > > Can you send me a zip of the test which failed > *surefire-its/target/Surefire1177TestngParallelSuitesIT_shouldRunTwoSuitesInParallel* > ? > It is a parallelism in TestNG. I will discuss it with the

RFC: Maven to raise a notification if downloading vulnerable content

2018-03-06 Thread Peter Muryshkin
Hi, all, currently you can run OWASP dependency check plugin against your projects. Though, this seems to make security more or less optional: unaware either lightheaded teams could miss this. What if a package repository would integrate with this dependency checking and issue a warning, say a

[RESULT] [VOTE] Release Apache Maven 3.5.3

2018-03-06 Thread Stephen Connolly
On 24 February 2018 at 22:00, Stephen Connolly < stephen.alan.conno...@gmail.com> wrote: > Hi, > > We solved 22 issues: > https://issues.apache.org/jira/secure/ReleaseNote.jspa? > version=12341428=Text=12316922 > > There are 381 issues left in JIRA for Maven core: >

[GitHub] maven issue #161: [MNG-6370] Fix typo in list filtering ConcurrencyDependenc...

2018-03-06 Thread michael-o
Github user michael-o commented on the issue: https://github.com/apache/maven/pull/161 @slachiewicz I am ready to merge, @rfscholte [requested a unit test](https://www.mail-archive.com/dev@maven.apache.org/msg116360.html). Can you add one and I will merge it with a smile= ---

Re: [VOTE] Release Apache Maven Surefire Plugin version 2.20.1

2018-03-06 Thread Tibor Digana
Hi Herve, Can you send me a zip of the test which failed *surefire-its/target/Surefire1177TestngParallelSuitesIT_shouldRunTwoSuitesInParallel* ? It is a parallelism in TestNG. I will discuss it with the guys in TestNG team on GitHub. Thx. Tibor On Tue, Mar 6, 2018 at 7:50 AM, Hervé BOUTEMY