Re: Publish Via the Central Portal

> We are also working on Maven 4, so today the plugin should be possible to > > use with the next Maven major version. > > As I remember nexus-staging-plugin can not be used with Maven 4. > > Can a new plugin be used with Maven 4? > > > > > > śr., 1 maj 202

Re: Publish Via the Central Portal

Hey all. Thanks Romain for pointing out the thread for me. One issue is that Central publishers is a much larger set of folks than the Maven Dev group. Obviously there's lots of overlap, but as Romain said, creating a plugin is a thing that can be done independently. As we've been working

Re: [DISCUSS] Java version for Maven

x.x. > > Elliotte gave a good reason for this: There are two camps now (read: > > ALREADY). > > There is no reason to not go with either of them. > > > > Am Do., 22. Feb. 2024 um 19:56 Uhr schrieb Brian Fox >: > > > > > > We dumped 30 days b

Re: [DISCUSS] Java version for Maven

> > > > > Maven UA is created like this: > > > > > > > > > > > https://github.com/apache/maven/blob/master/maven-core/src/main/java/org/apache/maven/internal/aether/DefaultRepositorySystemSessionFactory.java#L555 > > > > > > > > I was

Re: [DISCUSS] Java version for Maven

Hi everyone. I haven't caught up on this thread but Tamas pinged me to get some usage data from Central. Attached are the Maven versions and JDK Version counts as reported by User Agent by distinct IP for the last 30 days: On Wed, Feb 21, 2024 at 4:15 PM Hunter C Payne wrote: > I also want

Re: Feature Request: Add CPE String to pom.xml

Hi Sebastian, The challenge is that CPE as a coordinate system doesn’t have enough specificity to match artifacts. It has organization/product/version and therefore doesn’t have the ability to capture sub module. This is what leads to most of the mismatch issues seen in CVE based tools (but not

CVE-2021-26291: Apache Maven: block repositories using http by default

Apache Maven may follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository.

Re: [VOTE] Release Apache Maven version 3.8.0

I'm +1. If the worst thing we can find to worry about is the version number 3.7, 3.8, then it seems like we're close enough. On Wed, Mar 24, 2021 at 3:11 AM Romain Manni-Bucau wrote: > > +0 cause of the versioning which is unexpected (but you know what? since it > is a git tag we can drop it and

Re: [VOTE] Release Apache Maven version 3.8.0

The CVE is for documentation and the hardening of default behavior, it's not your typical zero day. On Mon, Mar 22, 2021 at 10:53 PM Gary Gregory wrote: > > You are acknowledging a CVE _before_ a release? > > Gary > > > On Mon, Mar 22, 2021, 15:40 Robert Scholte wrote: > > > Hi, > > > > For the

Re: uploading to central via ossrh is problematic

ss stuff. > Moreover, I initially thought that OSSRH timeout was not 'just' a Sonatype > issue even if Sonatype is the operator of central & OSSRH (and I thank you > for that). I saw it as a community problem and thus I just wanted to have > some feedback from this community. > >

Re: uploading to central via ossrh is problematic

Hi Matthieu, I think continuing the conversation on your existing ossrh ticket is the right place to resolve this. While it seems like you're having recurring issues, it's not occurring across the entire system so we need to figure out what the unique issue is. --Brian Cofounder & CTO Sonatype

Re: Moving hashes (checksums) forward

't be done w/o careful planning. That's clear. > Who's the right contact at Sonatype? Brian Fox? > > > > On 31-5-2020 16:58:58, Michael Osipov wrote: > > Folks, > > > > I have been recently (indirectly) approached by Mark Thomas for the > > Tomcat committers that h

Deprecating HTTP access to Central

Last year, we deprecated old and insecure TLS protocols on Central to make access more secure. This year, we're moving things forward again by deprecating and later removing access to insecure by default HTTP access. Right now this affects less than 20% of the traffic hitting Central. To find out

[Notice] Java 6 and 7 users: TLS 1.1 being discontinued on Central

it along and we will include that as well. https://central.sonatype.org/articles/2018/May/04/discontinue-support-for-tlsv11-and-below/ --Brian Fox Apache Maven PMC CTO, Sonatype - To unsubscribe, e-mail: dev-unsubscr

Re: [VOTE] Release Maven Indexer 6.0.0

On Fri, Dec 1, 2017 at 3:19 AM, Andreas Sewe < s...@st.informatik.tu-darmstadt.de> wrote: > Olivier Lamy wrote: > > probably no issues for sure. > > I just don't know if we will be able to still download the index from > > central and use it with this new version > > TBH I haven't done any

Re: [VOTE] Release Maven Indexer 6.0.0

Eyeballing the list, most of the changes seem irrelevant to the central use case. Is there anything in here that matters for Central (and if so, what are the backwards compat implications?) On Thu, Nov 30, 2017 at 2:07 AM, Olivier Lamy wrote: > +1 > > I'm not clear if this new

Re: Maven JDeprScan Plugin

All set. On Sat, Oct 28, 2017 at 9:48 AM, Robert Scholte wrote: > Hi, > > I'd like to prepare an alpha release of the Maven JDeprScan Plugin > It is a wrapper around the jdeprscan tool[1], available since Java 9. > > You use the jdeprscan tool as a static analysis tool

Re: dependency:go-offline broken?

, Benedikt Ritter <brit...@apache.org> wrote: > Hello Brain, > > > Am 26.09.2017 um 23:10 schrieb Brian Fox <bri...@infinity.nu>: > > > > On Mon, Sep 25, 2017 at 2:10 PM, Benedikt Ritter <brit...@apache.org> > wrote: > > > >> Hello Bri

Re: dependency:go-offline broken?

On Mon, Sep 25, 2017 at 2:10 PM, Benedikt Ritter <brit...@apache.org> wrote: > Hello Brian, > > > Am 20.09.2017 um 23:16 schrieb Brian Fox <bri...@infinity.nu>: > > > > It's been a really long time, but I recall that there were issues getting > > the depe

Re: dependency:go-offline broken?

It's been a really long time, but I recall that there were issues getting the dependencies of plugins bound to the lifecycle. This looks to be the same problem. I think the documentation talked about a way to do this effectively. On Wed, Sep 20, 2017 at 4:48 PM, Benedikt Ritter

Re: Maven BOF session @ JavaOne

Cool. I'll be there as well. On Sat, Jul 29, 2017 at 5:58 AM, Robert Scholte wrote: > Hi, > > Both my talk and the BOF have been accepted for JavaOne 2017. > I will host the BOF session together with Manfred Moser. > All are invited to join. > > > thanks, > Robert > >

index out of bounds 3.5 regression

I'm getting index out of bounds exceptions with 3.5 that don't occur with 3.3.9. I haven't debugged it yet, but wondering if this is already known? Fwiw reproducible with the DependencyCheck 2.0-snapshot master. [ERROR] 13978 java.lang.ArrayIndexOutOfBoundsException: 13978 at

Re: Silly Saturday idea - If Maven Central were a bunch of Git repos

Even more than redefining what Central does, you're effectively describing a new, unofficial java class packaging and distribution mechanism. This seems like it will violate signatures etc and make tracking of what you actually have a nightmare. On Tue, May 16, 2017 at 5:55 PM, Hervé BOUTEMY

Jigsaw removes the ability for tools to help name transition

Robert and I wrote a bit previously [1] about the issues with the automodules in jigsaw (hint: they use only the filename to default a module which we've demonstrated is a terrible idea). There was a happy medium which would have allowed library developers to select a name before full

Re: Fwd: How to name modules, automatic and otherwise

> this in the future. Maybe it would be good if all Apache project and > others > > that are going to publish modules start with using the full namespace in > > the module name. Problem is of course that the examples I saw so far all > do > > NOT do that

Re: Fwd: How to name modules, automatic and otherwise

build up the right practices before jigsaw takes off. > > -- > Regards, > Igor > > On Thu, Feb 16, 2017, at 01:11 PM, Brian Fox wrote: > > I generally agree the concerns were mostly ignored. Specifically the > > dangers in not carefully approaching and setting best pr

Re: Fwd: How to name modules, automatic and otherwise

ame modules, automatic and otherwise > > Date: Thu, 16 Feb 2017 17:48:27 +0100 > > > > This note is in reply to the concerns about automatic modules raised by > > Robert Scholte and Brian Fox [1], and by Stephen Colebourne and others > > [2]. I've collected my con

Re: Unable to close staging repository on repository.apache.org

I looked a little closer, the servers are up and your key 843ddb767188601c is not there. Make sure you've published your key to the pgp servers and that you can search it from here: http://pool.sks-keyservers.net:11371/ On Thu, May 26, 2016 at 6:15 PM, Brian Fox <bri...@infinity.nu>

Re: Unable to close staging repository on repository.apache.org

When this happens, it's a failure in the pgp key server ring and despite the fact that the ring is meant to distribute load, they all seem to go down at the same time. There isn't actually anything we can do on the rao side to make this work besides drop the staging rule that checks the key. I

Re: Jira access for new committer

Added simpligility to maven-dev On Wed, Jun 24, 2015 at 12:38 AM, Barrie Treloar baerr...@gmail.com wrote: I've pinged Brian to have a look. - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands,

Re: [VOTE] Add Manfred Moser as committer

+1 --mobile On May 13, 2015, at 2:55 AM, Hervé BOUTEMY herve.bout...@free.fr wrote: Hi, I'd like to introduce Manfred Moser as committer for the Apache Maven project. He's working on Android Maven plugin for years, has great discussions both on users and dev MLs, has a great

Re: What binary repo for plexus?

The current plan is to continue running nexus.codehaus.org and then move stuff over to ossrh as needed. The ssl cert was just renewed and Bob said the DNS isn't going away immediately. We figure projects have enough other stuff to scurry around changing, Nexus doesn't have to be part of it at the

Re: What binary repo for plexus?

. The POMs for plexus currently points to OSSRH. Can anyone who has done a release of a plexus component lately shed some light on where they go? Either nexus.codehaus.org och OSSRH. On Tue, Mar 10, 2015 at 6:28 PM, Brian Fox bri...@infinity.nu wrote: The current plan is to continue running

Re: Maven Compat + Maven 3.0 Plugin Part 1: Mercury

On Sat, Mar 7, 2015 at 10:04 AM, Robert Scholte rfscho...@apache.org wrote: Mercury? I guess some of it is now part of Aether, Mercury predates Aether. It was an attempt to update the artifact apis that was abandoned. (Unless the name is being reused as something new)

Re: move maven core to java 7?

+1 On Thu, Mar 5, 2015 at 8:16 AM, Igor Fedorenko i...@ifedorenko.com wrote: This is chicken-and-egg situation. We won't use java 7 features unless the code targets java 7. Try-with-resources and multi-exception catch are the too features I'd like to start using throughout the code. Although

Re: Abandoned bugs analysis

+1 close em... On Tue, Nov 25, 2014 at 4:22 PM, Jason van Zyl ja...@takari.io wrote: I don't agree. This is a project, not a product and if no one looks at something for 2 years then no one cares. We are not erasing the issues and if someone does care enough to ask to reopen an issue then

Re: Plexus Archiver / Plexus Components

Herve and I discussed moving the repos before splitting them, but it made sense to just go ahead and split it first because that was easier and quicker to pull off. If we can get them into an Apache repo, that makes sense. On Tue, Sep 2, 2014 at 3:48 AM, Benson Margulies bimargul...@gmail.com

Re: Default to SSL

for just switching cold turkey. On 11 Aug 2014, at 13:28, Brian Fox wrote: https://repo.maven.apache.org is up now so we can flip to ssl when ready. Is the consensus to get this into 3.2.3 or to wait for more time to test? We may want to consider switching the repository.apache.org url in our poms

Re: [VOTE] Maven 3.2.3 Release

+1 I did a few tests of various cases related to the new url for central and interactions with repo managers, everything looks ok. On Mon, Aug 11, 2014 at 5:24 PM, Jason van Zyl ja...@takari.io wrote: +1 Analyzer... stagingUrl: https://repository.apache.org/content/repositories/maven-1046

Default to SSL

https://repo.maven.apache.org is up now so we can flip to ssl when ready. Is the consensus to get this into 3.2.3 or to wait for more time to test? We may want to consider switching the repository.apache.org url in our poms as well.

Re: plexus components

Hi Herve, this is all set. I didn't split any code but the new repos are available and added to the plexus team in github. We should have a discussion on where the proper hosting location for this really is. If we want to move this to the maven project, I would support that. On Fri, Aug 1, 2014

Re: Central and Man-in-the-middle

We are already in the process of making this open for free to everyone. Way back in 2012 the CDN situation was different but we just renewed the contract and and ssl is part of it. Once this is setup, we should consider changing the superpom to use ssl by default. Obviously doing something to

Re: Nexus is down?

Zyl wrote: Two times during the one hour window that I was trying to release that the service was not available. It was an Apache page but I assume Nexus wasn't running behind it or not responding. On Jun 18, 2014, at 8:57 AM, Brian Fox bri...@infinity.nu wrote: I haven't received any alerts

Re: Nexus is down?

I haven't received any alerts that it's been down although there are sporadic reports of timeouts. Did you receive a timeout, 502 or something else? Nexus is on shared vm hosts and shared disks and I suspect that some other guest is occasionally bursting and screwing up the io throughput. On

Re: Nexus is down?

https://issues.apache.org/jira/browse/INFRA-7915 On Wed, Jun 18, 2014 at 9:01 AM, Arnaud Héritier aherit...@gmail.com wrote: When I noticed it was down on my side it was 503 errors On Wed, Jun 18, 2014 at 2:57 PM, Brian Fox bri...@infinity.nu wrote: I haven't received any alerts that it's

Re: [Maven 4.0.0] Removing ability for plugins to dynamically inject dependencies

My proposal is strictly to prohibit a plugin from modifying a project's classpath implicitly. That this become fully explicit such that I can remove some of the convoluted logic in the core to account for this. Not allowing plugins to randomly inject new dependencies makes sense. I see some

Re: [Maven 4.0.0] Removing ability for plugins to dynamically inject dependencies

On Fri, Apr 11, 2014 at 5:50 PM, Benson Margulies bimargul...@gmail.comwrote: On Fri, Apr 11, 2014 at 5:29 PM, Stephen Connolly stephen.alan.conno...@gmail.com wrote: On 11 April 2014 22:10, Benson Margulies bimargul...@gmail.com wrote: Fwiw, I don't recall the dependency plugin

Re: Model Version 5.0.0

On Sat, Nov 23, 2013 at 11:47 PM, Igor Fedorenko i...@ifedorenko.comwrote: The way I see it, what is deployed describes how the artifact needs to be consumed. This is artifact's public API, if you will, it will be consumed by wide range of tools that resolve dependencies from Maven

Re: Submitting a new maven plugin..

Hi Laurent, this does look like an handy plugin. I could actually imagine these goals being added to the existing clean plugin and also think this could be pretty popular. What do others think? On Wed, Aug 7, 2013 at 2:39 AM, labtech.dev labtech@gmail.com wrote: Hi there, Please first

Re: [DISCUSS] On the Maven PMC roles... (was [DISCUSS] Should the Maven PMC be an example of how we want the Maven Community to behave...)

it official Everyone else, Time to shout out if you have any issues / suggested improvements on the content - Stephen On Friday, 2 August 2013, Stephen Connolly wrote: On 2 August 2013 16:07, Brian Fox bri...@infinity.nu javascript:_e({}, 'cvml', 'bri...@infinity.nu'); wrote: I think

Re: [DISCUSS] On the Maven PMC roles... (was [DISCUSS] Should the Maven PMC be an example of how we want the Maven Community to behave...)

I think the bulk of this is pretty good. On the fork section, specifically: As soon as changes in that fork are identified which should be brought back to the project those changes should be introduced into at least a branch hosted on the Apache Maven source control in order to facilitate the

Re: [DISCUSS] On the Maven PMC roles... (was [DISCUSS] Should the Maven PMC be an example of how we want the Maven Community to behave...)

On Fri, Aug 2, 2013 at 12:10 PM, Stephen Connolly stephen.alan.conno...@gmail.com wrote: So anyway, I now have this ultra whizzbang high performance logging API and I am aware of some deficit in the logging performance of Maven, so I spin up a private fork (it could be a hidden private fork, or

Re: [DISCUSS] On the Maven PMC roles... (was [DISCUSS] Should the Maven PMC be an example of how we want the Maven Community to behave...)

On Aug 2, 2013, at 12:30 PM, Paul Benedict pbened...@apache.org wrote: I've stated from the beginning of this thread that it's impossible to prevent someone from developing outside of Apache. I stand by that still. That can't be prevented and any attempt will fail since it's not practical.

Re: [DISCUSS] Should the Maven PMC be an example of how we want the Maven Community to behave (was Re: svn commit: r1506778 - /maven/site/trunk/content/markdown/project-roles.md)

There is at least one Maven Committer who has been maintaining a fork of Maven for perhaps the greater part of a year. Is it really a fork? Or is it a superset? I think people throw around fork but is that really true? - To

Re: Older (archiva) binaries not in Central.

Chris, we can add this right to the apache nexus and it will be synced to Central. No need to do a one-off upload. Do you have a list of the exact files that are missing? On Thu, Jul 11, 2013 at 1:57 AM, Chris Graham chrisgw...@gmail.com wrote: ok, cool. I will go and have a look. Thanks!

Re: Poposed Sandbox plugins - digest and gpg:signfiles

You mean releases that don't go to the standard release repo? Yes it's technically possible but it becomes a dangerous thin line between official release and one that bypasses the usual asf process. --mobile On Jun 22, 2013, at 8:07 PM, sebb seb...@gmail.com wrote: On 23 June 2013 01:00,

Re: [VOTE] Apache 3.1.0-alpha-1 (Take 4)

+1 On Sat, Jun 1, 2013 at 9:13 AM, Jason van Zyl ja...@tesla.io wrote: Here are the release bits for 3.1.0-alpha-1: Release notes: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18967 Staging repository:

Re: [VOTE] Release Maven Dependency Tree version 2.1

Yes that should do it. On Fri, May 3, 2013 at 3:20 AM, Mirko Friedenhagen mfriedenha...@gmail.com wrote: Hello Hervé, as an enduser, I just define this as a dependency to e.g. the maven-dependency-plugin, right? Regards Mirko -- Sent from my mobile On May 3, 2013 2:04 AM, Hervé BOUTEMY

Re: [Vote #2] maven-dependency-plugin 2.7 AND maven-dependency-analyzer 1.4

+1 On Mon, Mar 11, 2013 at 1:04 PM, Henning Schmiedehausen henn...@schmiedehausen.org wrote: +1 to release. Thanks, Henning On Mon, Mar 11, 2013 at 9:44 AM, John Casey jdca...@commonjava.org wrote: Bump... Has this vote failed, then, or are we saying that all the +1's from

Re: The next major release of Maven: 4.0.0

I don't think we should move to 4.0 because of this. The primary consumer of our systems are the end users and this change doesn't represent api breakage to them. If we make what appears to be such a large version change, that could scare off or confuse people who are just now warming up to 3.x. I

Re: [Vote] maven-dependency-plugin 2.7 AND maven-dependency-analyzer 1.4

the thread discussion following this message was related to a different issue, unless I'm missing something in the issue details... What do we need to do to move forward with another vote? On 3/6/13 3:22 PM, Brian Fox wrote: -1 based on dain's discovery on permissions. On Wed, Mar 6, 2013 at 10

Re: [Vote] maven-dependency-plugin 2.7 AND maven-dependency-analyzer 1.4

and did set permissions, so the new default is a backwards incompatible change. Also this new property is not documented in the release notes: http://jira.codehaus.org/secure/ReleaseNote.jspa?version=18926styleName=TextprojectId=11214 -dain On Thu, Mar 7, 2013 at 11:30 AM, Brian Fox bri

Re: [Vote] maven-dependency-plugin 2.7 AND maven-dependency-analyzer 1.4

-1 based on dain's discovery on permissions. On Wed, Mar 6, 2013 at 10:15 AM, Olivier Lamy ol...@apache.org wrote: +1 2013/3/5 John Casey jdca...@commonjava.org: Hi, This vote is for the Maven dependency plugin version 2.7, which also requires the release of Maven shared dependency

Re: [Vote] maven-dependency-plugin 2.7 AND maven-dependency-analyzer 1.4

MDEP-391 introduced this problem, just committed a fix for it. On Wed, Mar 6, 2013 at 4:22 PM, Brian Fox bri...@infinity.nu wrote: -1 based on dain's discovery on permissions. On Wed, Mar 6, 2013 at 10:15 AM, Olivier Lamy ol...@apache.org wrote: +1 2013/3/5 John Casey jdca

Re: [Vote] maven-dependency-plugin 2.7 AND maven-dependency-analyzer 1.4

I don't know for sure this field fixed the original issue. If it does, the go ahead and close it --mobile On Mar 6, 2013, at 5:37 PM, Olivier Lamy ol...@apache.org wrote: 2013/3/6 Brian Fox bri...@infinity.nu: MDEP-391 introduced this problem, just committed a fix for it. why not closing

Re: [VOTE] formally end support for Maven 1

+1 On Sun, Mar 3, 2013 at 5:34 AM, Hervé BOUTEMY herve.bout...@free.fr wrote: +1 Regards, Hervé Le samedi 2 mars 2013 07:18:51 Benson Margulies a écrit : Based on the sentiment on the discussion thread, I call a formal vote to end support for Maven 1.x. This is a vote to: 1:

Re: Desupport Maven 1

+1 and take if off the dist site. On Wed, Feb 27, 2013 at 10:42 AM, Benson Margulies bimargul...@gmail.comwrote: Are there any readers on this list who are prepared to respond to any issues on Maven 1.x, especially, for example, security issues? Does anyone know how to make a release? Unless

Re: Desupport Maven 1

On Wed, Feb 27, 2013 at 10:56 AM, Benson Margulies bimargul...@gmail.comwrote: If someone else wants to support it, they are welcome to do so elsewhere. Or here through active participation. But while we don't have active committers supporting it, we should say so. Nothing stops us from doing

Re: [ANN] Apache Maven 3.0.5 released

Just wanted to bring this to the users list and ensure that those reading the release notes see the security alert for 3.0.4: CVE-2013-0253 Apache Maven Severity: Medium Vendor: The Apache Software Foundation Versions Affected: - Apache Maven 3.0.4 - Apache Maven Wagon 2.1, 2.2, 2.3

Re: git commit: fixed typo

not to use it. WDYT? Robert Op Tue, 05 Feb 2013 00:02:47 +0100 schreef Hervé BOUTEMY herve.bout...@free.fr: good idea any objection? Regards, Hervé Le lundi 4 février 2013 11:11:32 Brian Fox a écrit : i'm on the fence about if this is good or not, but I think the option

Re: git commit: fixed typo

i'm on the fence about if this is good or not, but I think the option if provided should be simple-local-repository without the manager part. People already get confused about what's a local repo vs what's a repository manager and the mixing of these concepts here will make that worse. On Sat,

Re: Passing State Between Plugin Executions

The enforcer plugin uses a static array to hold data between executions. On Wed, Jan 30, 2013 at 2:15 PM, Aaron Dixon atdi...@gmail.com wrote: I am developing a plugin with start and stop goals to be executed typically in pre-integration-test and post-integration-test phases, respectively.

Re: Top navbar on the site with fluido

+1 On Tue, Jan 1, 2013 at 6:42 AM, Anders Hammar and...@hammar.net wrote: +1 I think we should keep the old left-hand menu, like what we've done over at Mojo. /Anders On Sat, Dec 29, 2012 at 5:09 PM, Jesse Farinacci jie...@gmail.com wrote: Greetings, On Fri, Dec 28, 2012 at 11:21

Re: Getting Maven component and plugin releases to /dist -- space

On Sun, Dec 23, 2012 at 10:26 AM, Henk P. Penning penn...@uu.nl wrote: On Sun, 23 Dec 2012, Benson Margulies wrote: Date: Sun, 23 Dec 2012 15:26:18 +0100 From: Benson Margulies bimargul...@gmail.com To: Henk P. Penning penn...@uu.nl Cc: Maven Developers List dev@maven.apache.org,

Re: plugin source releases aren't copied to 'dist', can anyone dig up history?

The last discussion of this required the production of proper source bundles for voting, which we created at that time. I don't recall there being any requirement that everything go onto dist. On Fri, Dec 21, 2012 at 10:57 AM, Benson Margulies bimargul...@gmail.comwrote: Dear fellow community

Re: plugin source releases aren't copied to 'dist', can anyone dig up history?

Further to that, no one will ever consume maven plugins from a random dist folder anyway, so a policy that requires this is a paper policy only and would have no basis in the reality of how these particular projects are consumed. On Fri, Dec 21, 2012 at 1:18 PM, Brian Fox bri...@infinity.nu

Re: Logging

Great summary Benson, I agree with your assessments here. On Sun, Dec 16, 2012 at 12:16 PM, Benson Margulies bimargul...@gmail.comwrote: Since not much has been heard on the 'pick a logger' question for some time, I'm going to stick my neck out and try to summarize some aspects, in the hopes

Re: Logback in Maven Core

On Tue, Dec 11, 2012 at 5:07 PM, Benson Margulies bimargul...@gmail.comwrote: If we ever got that far, I would argue pretty strenuously against a PMC-level rejection of something just based on being EPL. A class-B license is a perfectly legitimate dependency. As would I. If we were talking

Re: Maven Core to Git

Didn't it used to be that way? (separate) On Tue, Nov 27, 2012 at 4:09 AM, Stephen Connolly stephen.alan.conno...@gmail.com wrote: On 27 November 2012 08:41, Olivier Lamy ol...@apache.org wrote: 2012/11/27 Brett Porter br...@apache.org: On 27/11/2012, at 10:34 AM, Arnaud Héritier

Re: [VOTE] Maven Indexer 5.1.0 Release (take 2)

+1 On Tue, Nov 20, 2012 at 2:15 PM, Tamás Cservenák ta...@cservenak.netwrote: Hi, we'd like to release Maven Indexer 5.1.0. We fixed 7 issues: http://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=12112version=18972 Staging repository:

Re: [VOTE] Move Maven projects sources to git

I'm +1 On Tue, Sep 11, 2012 at 1:39 PM, Robert Scholte rfscho...@apache.orgwrote: I don't think it's IF we should move to git, but WHEN and now seems to be the right time. +1 Robert Op Tue, 11 Sep 2012 14:49:46 +0200 schreef Paul Gier pg...@redhat.com: +1, and I'm willing to volunteer

Re: Why do the core its fail massively when using mirrorOf in settings.xml ?

There are lots of tests that are trying to use file based repositories for certain conditions. This is why in 2.0.9 I had added the external:* : external:* matches all repositories except those using localhost or file based repositories. This is used in conjunction with a repository manager when

Re: Maven2 mirror @ netcologne

On Tue, Jul 24, 2012 at 7:16 PM, Brett Porter br...@apache.org wrote: My understanding is that unfortunately Sonatype are not allowing anyone else to mirror the content directly any more. Ibiblio disabled the rsync on their own accord because it was thrashing their disks. Central is now on

Re: Maven2 mirror @ netcologne

On Wed, Jul 25, 2012 at 4:19 PM, Brett Porter br...@apache.org wrote: On 26/07/2012, at 3:46 AM, Brian Fox wrote: On Tue, Jul 24, 2012 at 7:16 PM, Brett Porter br...@apache.org wrote: My understanding is that unfortunately Sonatype are not allowing anyone else to mirror the content

Central is now being served from a CDN

Just over a year ago we evolved the Central architecture to be globally load balanced with 2 servers in the US and 2 more in the UK. This year, we've gone even futher to increase reliability and delivery performance. We evaluated several options and ultimately settled with Edgecast as the

Re: Maven Central is probably blocked in China

Niclas, I'm told it's working now. Can you confirm? On Tue, Jul 10, 2012 at 1:11 PM, Brian Fox bri...@infinity.nu wrote: The network team confirmed that this is only Unicom with the issue. They are looking at alternate routes that would hopefully work. On Mon, Jul 9, 2012 at 5:31 PM, Niclas

Re: Maven Central is probably blocked in China

Niclas, We are seeing a lot of traffic to Central from China, so this certainly isn't a case of the Great Firewall blocking everything, rather it seems a little more localized. Can you send more more info about your source ip and geo location that we could use to see what's up? Possibly we can get

Re: Security trouble

On Wed, Mar 21, 2012 at 4:35 AM, Sascha Scholz sascha.sch...@gmail.com wrote: Hi, On Tue, Mar 20, 2012 at 11:28 PM, Olivier Lamy ol...@apache.org wrote: BTW do we consider adding a warning in 3.0.5 if id != host and fail in 3.0.6 or fail directly in 3.0.5 Why not deprecate the id entry then

Re: RPMs for Maven 3?

Has anyone considered making an rpm/deb bundle that essentially contains a script which can fetch the associated tar.gz from the apache site and unpack it? It seems like this would be the best of both worlds. Hardly anything ever changes in the package, people get easy access to sudo apt get

Re: Security trouble

On Tue, Mar 20, 2012 at 12:58 PM, Olivier Lamy ol...@apache.org wrote: Hello Folks, The default preemptive on for GET is probably a bad idea. Imagine the following case, in your settings you have:    server      usernameolamy/username      passwordreallycomplicatedpassword/password      

Re: Security trouble

On Tue, Mar 20, 2012 at 5:07 PM, Olivier Lamy ol...@apache.org wrote: 2012/3/20 Brian Fox bri...@infinity.nu: On Tue, Mar 20, 2012 at 12:58 PM, Olivier Lamy ol...@apache.org wrote: Hello Folks, The default preemptive on for GET is probably a bad idea. Imagine the following case, in your

Re: Security trouble

On Tue, Mar 20, 2012 at 6:28 PM, Olivier Lamy ol...@apache.org wrote: 2012/3/20 Brian Fox bri...@infinity.nu: On Tue, Mar 20, 2012 at 5:07 PM, Olivier Lamy ol...@apache.org wrote: 2012/3/20 Brian Fox bri...@infinity.nu: On Tue, Mar 20, 2012 at 12:58 PM, Olivier Lamy ol...@apache.org wrote

Re: Artifact.isSnapshot definition

The second one looks right to me, this is what I've always used as reference[1] [1] http://www.sonatype.com/people/2008/05/maven-code-how-to-detect-if-you-have-a-snapshot-version/ On Mon, Feb 27, 2012 at 6:41 PM, Robert Scholte apa...@sourcegrounds.com wrote: A couple of issues of the

Re: Help me convincing Tomcat to use Maven

If Ant is their primary build tool, then I would suggest helping them set up Ant to use Maven Ant Tasks as a starting point. That is a great way of enabling an Ant build to deploy the artifacts into a Maven-style repository. I would second that. In fact Ant/Ivy both already deploy to Nexus

Re: [CALL FOR TEST] Apache Maven 3.0.4-RC3 staged

30 minutes is a high enough value that I think we'll be ok. Thanks Olivier. On Tue, Dec 13, 2011 at 8:53 AM, Olivier Lamy ol...@apache.org wrote: 2011/12/13 Brett Porter br...@apache.org: On 13/12/2011, at 7:38 PM, Olivier Lamy wrote: Le 13 décembre 2011 09:35, Arnaud Héritier

Re: [CALL FOR TEST] Apache Maven 3.0.4-RC3 staged

Agree. I will add it in release and complete documentation here: http://maven.apache.org/guides/mini/guide-http-settings.html This seems like a pretty big change and not enough people will read that and start to freak out. If maven worked all this time with no read timeout, why change it now?

Re: [CANCELLED] [VOTE] Apache Maven 3.0.4 (take 2)

On Sun, Dec 4, 2011 at 3:37 AM, Olivier Lamy ol...@apache.org wrote: Hello, The vote is cancelled due to the issue found by Dan. I will restart a vote when a fix will be available. An RC candidate I hope... 2011/12/1 Olivier Lamy ol...@apache.org: Hello, I'd like to release Apache

Re: RC release naming (was Re: [VOTE] Apache Maven 3.0.4 (take 2) )

Again I start a release process and produce a candidate for release build with a naming 3.0.4 for 5 days vote. Something failed, so it has been fixed and I restarted a vote with a second candidate for release called 3.0.4 for 5 days vote. (retagging etc ) What is the difference with

Re: [VOTE] Apache Maven 3.0.4 (take 2)

The RCs were started for a very specific reason, to improve the quality of our releases. Just breezing through this thread, there are clearly issues with memory and some other stuff here that may be bigger than we understand in this small testing surface. An RC build will get more eyes and either

Re: Maven Dependency Plugin

Anyone who is actually going to do the work can make a branch when they need to. I see no point in making a branch just for fun. On Tue, Sep 13, 2011 at 10:01 AM, Benson Margulies bimargul...@gmail.com wrote: As for the solution of creating a 2.x branch, that's fine. I don't really see much

  1   2   3   4   5   6   7   >