Re: [HEADS UP] Maven 3.9.4 plan

[Jeremy Landis]

Thanks for the info.

Maven updates for those not using maven wrapper take considerably longer to 
work around.  So that was my main concern as I couldn't really see the value on 
this one.  There are so many platforms that must be updated and outside of 
maven wrapper, maven is not treated as a dependency...so my concerns were the 
fact of not seeing issues and if 3.9.3 was so bad it needed this small set of 
changes.  Seems all are special cases here and inherently older versions are 
not necessarily bad.

Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android

From: Gary Gregory 
Sent: Thursday, July 20, 2023 6:19:53 AM
To: Maven Developers List 
Subject: Re: [HEADS UP] Maven 3.9.4 plan

Hi all,

Is it worth including more detailed information in the release notes to
short circuit questions or concerns like this one?

I can't recall the last time I hear someone complaining about releasing too
soon ;-) AFAIAC, if any bug fix is made available in a release, that's a
good thing. I'm a fan on RERO though.

Gary

On Thu, Jul 20, 2023, 05:22 Tamás Cservenák  wrote:

> Howdy,
>
> mostly bug fixes in Resolver (that is shipped embedded within Maven), and
> some minor fixes in Maven itself:
> - resolver had 2 notable bugs, one in new BF collector (endless loop, SOEx)
> that blocked VSCode Maven integration users, and a "cluster" of multiple
> smaller bugs rendering provided checksum feature not quite usable. The 3rd
> bug was related to a new "lock diagnostic", that was emitting false
> (impossible) locks states. Rest is "general improvements" (manual route
> config, timeout default value change) and POM update. There is one change
> (undoes partially a change happened in 1.9.13) that is performance related,
> when locking is used.
> - maven had one bugfix (affecting users that may end up in endless loop in
> case of plugin error, for example asciidoctor plugin users), and there was
> a minor fix (bumping guava) for users who are unsavory of CVEs, mostly for
> their peace of mind (as Maven itself is AFAIK not affected by this CVE, but
> don't take my statement for granted).
>
> Of course, if you do not use any of these features like BF-collector,
> provided-checksums, trying to debug locking issues or having endless loops
> when some plugins fail, 3.9.4 will not make a big difference for you, but
> as Romain said, we just want to "move forward", by doing regular minor
> releases.
>
> Maven may receive more changes, as resolver is the first in the pipe, and
> as all releases, takes 3 days.
>
> Thanks
> T
>
> On Thu, Jul 20, 2023 at 4:18 AM Jeremy Landis 
> wrote:
>
> > What exactly does this small release improve so much that it warrants a
> > release this soon since 3.9.3?  We scaled 3.9.3 already a while ago and
> > haven't been any real issues that I can pinpoint that anything in this
> > would address and make better.   Clearly, I'm missing something here that
> > is critical.  We will upgrade right away but want to understand what this
> > gets us that is so important.
> >
> > -Original Message-
> > From: Tamás Cservenák 
> > Sent: Wednesday, July 19, 2023 11:42 AM
> > To: Maven Developers List 
> > Subject: [HEADS UP] Maven 3.9.4 plan
> >
> > Howdy,
> >
> > Plan is as follows:
> > 1. release Resolver 1.9.14
> >
> >
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fissues%2F%3Fjql%3Dproject%2520%253D%2520MRESOLVER%2520AND%2520fixVersion%2520%253D%25201.9.14=05%7C01%7C%7Cfc8004efff7e4d4d28d408db890aeb53%7C84df9e7fe9f640afb435%7C1%7C0%7C638254452219057577%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=g%2BRlM0pMm3EdKT%2Bg%2FWAQDGKNdBS6maOWNH6PNJnJoB4%3D=0
> > 2. release Maven 3.9.4
> >
> >
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fissues%2F%3Fjql%3Dproject%2520%253D%2520MNG%2520AND%2520fixVersion%2520%253D%25203.9.4=05%7C01%7C%7Cfc8004efff7e4d4d28d408db890aeb53%7C84df9e7fe9f640afb435%7C1%7C0%7C638254452219213834%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=l3PsTrRR9OSM4aXOG2ys1GbkJQaJM1DHNsHeT0LJjhU%3D=0
> >
> > I plan to start tomorrow morning (European morning). As usual, if anyone
> > objects, please speak up.
> >
> > Thanks
> > T
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> > For additional commands, e-mail: dev-h...@maven.apache.org
> >
> >
>

[DISCUSS] Maven Resolver future

[Tamás Cservenák]

Howdy,

I'd like to pitch some discussion regarding Resolver near and longer term
future.

If you look at the JIRA version "planned for" 1.10.0, there are quite some
(even partially done) code changes that are not trivial. Moreover, we want
to drop some deprecated baggage as well:
https://issues.apache.org/jira/issues/?jql=project%20%3D%20MRESOLVER%20AND%20fixVersion%20%3D%201.10.0

My proposal is to move on to Resolver 2.0.0 instead.

So, Resolver wise my proposal is:
- resolver 1.9.x branched off, goes into "bugfix" mode
- resolver master goes 2.0.0, with new features (already in JIRA or not yet)
- resolver 3.0.0 will also contain java package change (org.eclipse.aether
-> org.apache.maven.resolver), so package change becomes "shifted" from
2.0.0 to 3.0.0

Maven wise, this happens:
- Maven 3.9.x remains on resolver 1.9.x (and will also slowly go into
"bugfix" mode)
- Maven 4.x moves to resolver 2.0.0 (still must support Maven 3 plugins
going directly for resolver)
- Maven 5.x moves to resolver 3.0.0 (when the resolver is sealed off
completely from plugins).

WDYT?

Thanks
T

Re: [HEADS UP] Maven 3.9.4 plan

[Gary Gregory]

Hi all,

Is it worth including more detailed information in the release notes to
short circuit questions or concerns like this one?

I can't recall the last time I hear someone complaining about releasing too
soon ;-) AFAIAC, if any bug fix is made available in a release, that's a
good thing. I'm a fan on RERO though.

Gary

On Thu, Jul 20, 2023, 05:22 Tamás Cservenák  wrote:

> Howdy,
>
> mostly bug fixes in Resolver (that is shipped embedded within Maven), and
> some minor fixes in Maven itself:
> - resolver had 2 notable bugs, one in new BF collector (endless loop, SOEx)
> that blocked VSCode Maven integration users, and a "cluster" of multiple
> smaller bugs rendering provided checksum feature not quite usable. The 3rd
> bug was related to a new "lock diagnostic", that was emitting false
> (impossible) locks states. Rest is "general improvements" (manual route
> config, timeout default value change) and POM update. There is one change
> (undoes partially a change happened in 1.9.13) that is performance related,
> when locking is used.
> - maven had one bugfix (affecting users that may end up in endless loop in
> case of plugin error, for example asciidoctor plugin users), and there was
> a minor fix (bumping guava) for users who are unsavory of CVEs, mostly for
> their peace of mind (as Maven itself is AFAIK not affected by this CVE, but
> don't take my statement for granted).
>
> Of course, if you do not use any of these features like BF-collector,
> provided-checksums, trying to debug locking issues or having endless loops
> when some plugins fail, 3.9.4 will not make a big difference for you, but
> as Romain said, we just want to "move forward", by doing regular minor
> releases.
>
> Maven may receive more changes, as resolver is the first in the pipe, and
> as all releases, takes 3 days.
>
> Thanks
> T
>
> On Thu, Jul 20, 2023 at 4:18 AM Jeremy Landis 
> wrote:
>
> > What exactly does this small release improve so much that it warrants a
> > release this soon since 3.9.3?  We scaled 3.9.3 already a while ago and
> > haven't been any real issues that I can pinpoint that anything in this
> > would address and make better.   Clearly, I'm missing something here that
> > is critical.  We will upgrade right away but want to understand what this
> > gets us that is so important.
> >
> > -Original Message-
> > From: Tamás Cservenák 
> > Sent: Wednesday, July 19, 2023 11:42 AM
> > To: Maven Developers List 
> > Subject: [HEADS UP] Maven 3.9.4 plan
> >
> > Howdy,
> >
> > Plan is as follows:
> > 1. release Resolver 1.9.14
> >
> >
> https://issues.apache.org/jira/issues/?jql=project%20%3D%20MRESOLVER%20AND%20fixVersion%20%3D%201.9.14
> > 2. release Maven 3.9.4
> >
> >
> https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20fixVersion%20%3D%203.9.4
> >
> > I plan to start tomorrow morning (European morning). As usual, if anyone
> > objects, please speak up.
> >
> > Thanks
> > T
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> > For additional commands, e-mail: dev-h...@maven.apache.org
> >
> >
>

[VOTE] Release Maven Resolver 1.9.14

[Tamás Cservenák]

Howdy,

We solved 7 issues:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12320628=12353358

There are still some issues in JIRA:
https://issues.apache.org/jira/projects/MRESOLVER/issues

Staging repository:
https://repository.apache.org/content/repositories/maven-1978/

Source release SHA512:
69b91b7d437dc973c3551afdc8d9dfe7afb373b398f5067b365cb64ecf84e28d7a1d62fcf87746dee30e324e803c6032c015c9ed8b067c80169a9ad3da1906c6

Staging site:
https://maven.apache.org/resolver-archives/resolver-LATEST/

Guide to testing staged releases:
https://maven.apache.org/guides/development/guide-testing-releases.html

Vote open for 72 hours.

[ ] +1
[ ] +0
[ ] -1

Re: [HEADS UP] Maven 3.9.4 plan

[Tamás Cservenák]

Howdy,

mostly bug fixes in Resolver (that is shipped embedded within Maven), and
some minor fixes in Maven itself:
- resolver had 2 notable bugs, one in new BF collector (endless loop, SOEx)
that blocked VSCode Maven integration users, and a "cluster" of multiple
smaller bugs rendering provided checksum feature not quite usable. The 3rd
bug was related to a new "lock diagnostic", that was emitting false
(impossible) locks states. Rest is "general improvements" (manual route
config, timeout default value change) and POM update. There is one change
(undoes partially a change happened in 1.9.13) that is performance related,
when locking is used.
- maven had one bugfix (affecting users that may end up in endless loop in
case of plugin error, for example asciidoctor plugin users), and there was
a minor fix (bumping guava) for users who are unsavory of CVEs, mostly for
their peace of mind (as Maven itself is AFAIK not affected by this CVE, but
don't take my statement for granted).

Of course, if you do not use any of these features like BF-collector,
provided-checksums, trying to debug locking issues or having endless loops
when some plugins fail, 3.9.4 will not make a big difference for you, but
as Romain said, we just want to "move forward", by doing regular minor
releases.

Maven may receive more changes, as resolver is the first in the pipe, and
as all releases, takes 3 days.

Thanks
T

On Thu, Jul 20, 2023 at 4:18 AM Jeremy Landis 
wrote:

> What exactly does this small release improve so much that it warrants a
> release this soon since 3.9.3?  We scaled 3.9.3 already a while ago and
> haven't been any real issues that I can pinpoint that anything in this
> would address and make better.   Clearly, I'm missing something here that
> is critical.  We will upgrade right away but want to understand what this
> gets us that is so important.
>
> -Original Message-
> From: Tamás Cservenák 
> Sent: Wednesday, July 19, 2023 11:42 AM
> To: Maven Developers List 
> Subject: [HEADS UP] Maven 3.9.4 plan
>
> Howdy,
>
> Plan is as follows:
> 1. release Resolver 1.9.14
>
> https://issues.apache.org/jira/issues/?jql=project%20%3D%20MRESOLVER%20AND%20fixVersion%20%3D%201.9.14
> 2. release Maven 3.9.4
>
> https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20fixVersion%20%3D%203.9.4
>
> I plan to start tomorrow morning (European morning). As usual, if anyone
> objects, please speak up.
>
> Thanks
> T
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> For additional commands, e-mail: dev-h...@maven.apache.org
>
>

Re: [HEADS UP] Maven 3.9.4 plan

[Romain Manni-Bucau]

Hi Jeremy,

As pointed out by Tamas it fixes some algorithm in resolver and enables to
define the interface you want to use which blocks some CI usage since the
recent changes.
It will probably not impact you but enable others so guess it is good to
move forward.
On the long term we can think about enabling maven to download the resolver
and switch it more easily with a simple config in the pom (while API stays
the same) but for now this requires a new release.

Romain Manni-Bucau
@rmannibucau  |  Blog
 | Old Blog
 | Github  |
LinkedIn  | Book



Le jeu. 20 juil. 2023 à 04:18, Jeremy Landis  a
écrit :

> What exactly does this small release improve so much that it warrants a
> release this soon since 3.9.3?  We scaled 3.9.3 already a while ago and
> haven't been any real issues that I can pinpoint that anything in this
> would address and make better.   Clearly, I'm missing something here that
> is critical.  We will upgrade right away but want to understand what this
> gets us that is so important.
>
> -Original Message-
> From: Tamás Cservenák 
> Sent: Wednesday, July 19, 2023 11:42 AM
> To: Maven Developers List 
> Subject: [HEADS UP] Maven 3.9.4 plan
>
> Howdy,
>
> Plan is as follows:
> 1. release Resolver 1.9.14
>
> https://issues.apache.org/jira/issues/?jql=project%20%3D%20MRESOLVER%20AND%20fixVersion%20%3D%201.9.14
> 2. release Maven 3.9.4
>
> https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20fixVersion%20%3D%203.9.4
>
> I plan to start tomorrow morning (European morning). As usual, if anyone
> objects, please speak up.
>
> Thanks
> T
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> For additional commands, e-mail: dev-h...@maven.apache.org
>
>