Le jeu. 14 juil. 2022 à 09:34, Slawomir Jaranowski <[email protected]> a écrit :
> czw., 14 lip 2022 o 08:02 Romain Manni-Bucau <[email protected]> > napisał(a): > > > A few points on that topic: > > > > 1. Helping users is always +1000 > > 2. Some plugins do check if there is a new version and log it => a. makes > > the build not highly reproduceable (logs) b. pollutes user info most of > the > > time > > 3. Versions are not always an user choice (software architect and > whatever > > rules yoou have so we shouldnt force something user cant do) > > > > So users should also use the old Maven version, if they don't have the > possibility to update. > This does not work cause it means plugins are bound to a maven version (give a try and see the impact on outside maven project ecosystem, will defeat our pluggability system). Requires way tok much effort and headaches on compat matrix. Also a blocker when it comes to cve. So not an option for me in most of the case - agree it is acceptable...if it stays very rare as we did by the past. > > > 4. We should check the plugin compat more than the new version (which api > > is used vs which api is available in current version) to avoid false > > positive, warning: enforces a correct dependency mgt and dynamic > resolution > > is ignored (resolver+custom classloader) but guess it is ok > > 5. Dont think it should be done for all builds but probably max once a > day > > 6. We already have this kind of plugin (even if not so advanced): > versions > > plugin. So users can already have this check. > > > > So my 2cts would be to enhance versions plugin which is even able to > > propose next version and be it. > > Doesnt bother users until they want which is always better than pushing > an > > undesired info in a level > info (this is never welcomed). > > > > Le mer. 13 juil. 2022 à 21:47, Niels Basjes <[email protected]> a écrit : > > > > > So simply put Maven is stopping support of plugins that have not been > > > updated for about 9 years (Maven 3.1.0 is in 2 days 9 years old). > > > > > > I say go for it. > > > > > > Niels > > > > > > > > > On Wed, 13 Jul 2022, 15:54 Tamás Cservenák, <[email protected]> > wrote: > > > > > > > Howdy, > > > > > > > > for starter, read comments on this PR: > > > > https://github.com/apache/maven/pull/765 > > > > > > > > TL;DR > > > > Intent of "experiment" was to warn those users who use Maven2 plugins > > > ("old > > > > plugins") with Maven3.9+. > > > > Reasoning: Maven 3.9 is "taking turn" toward Maven4, and just like > > Maven3 > > > > did support Maven2 plugins, Maven4 will support Maven3 plugins, > > > > but supporting two major versions is too much for us, nor we have > > > resources > > > > for. > > > > > > > > My "definition" of "old plugins": > > > > - is built against Maven API older than 3.1 (exclusive) > > > > - depends on maven-compat of any released version > > > > - (minor) was built using old tooling (m-plugin-p), hence scopes of > > maven > > > > bits are not provided > > > > > > > > Clearly, we are targeting users who slacked even Maven3 upgrade, as > > they > > > > use plugins built with/for/against Maven2. > > > > > > > > Also, I think we all agree that some proactive solution (like the PR, > > > emit > > > > warnings during build is needed) as otherwise, history will repeat, > > just > > > > like it happened in the past: > > > > we have crucial plugins not yet existing for Maven3 and majority of > our > > > > users are still using 2,x ("old") plugins of those: m-install-p, > > > > m-deploy-p, etc. > > > > > > > > > > > > T > > > > > > > > > > > > -- > Sławomir Jaranowski >
