thinking twice, I need to change to -1: this may impact users that expect
to use the group permissions to use Maven binaries
sorry
I don't know what tests you are doing with permissions on your
environment, but these tests leak releases :(
Regards,
Hervé
On 2023/10/02 07:11:02 Herve Boutemy wrote:
+1
but Reproducible not fully ok: reference build done with JDK 17 on *nix
and umask 022
apache-maven-3.9.5-bin.zip and .tar.gz suffer from weird umask (go-r) on
wagon jars:
$ diffoscope
target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
apache-maven/target/apache-maven-3.9.5-bin.zip
--- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
+++ apache-maven/target/apache-maven-3.9.5-bin.zip
│┄ Archive contents identical but files differ, possibly due to
different compression levels. Falling back to binary comparison.
├── zipinfo {}
│ @@ -81,21 +81,21 @@
│ -rw-r--r-- 2.0 unx 74345 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/maven-resolver-provider-3.9.5.jar
│ -rw-r--r-- 2.0 unx 317619 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/maven-resolver-impl-1.9.16.jar
│ -rw-r--r-- 2.0 unx 37757 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/maven-resolver-named-locks-1.9.16.jar
│ -rw-r--r-- 2.0 unx 51503 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/maven-resolver-spi-1.9.16.jar
│ -rw-r--r-- 2.0 unx 379348 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/org.eclipse.sisu.inject-0.3.5.jar
│ -rw-r--r-- 2.0 unx 4225 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/plexus-component-annotations-2.1.0.jar
│ -rw-r--r-- 2.0 unx 289577 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/maven-compat-3.9.5.jar
│ --rw------- 2.0 unx 55101 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
│ +-rw-r--r-- 2.0 unx 55101 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
│ -rw-r--r-- 2.0 unx 205307 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/org.eclipse.sisu.plexus-0.3.5.jar
│ -rw-r--r-- 2.0 unx 58284 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/commons-cli-1.5.0.jar
│ --rw------- 2.0 unx 9405 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
│ --rw------- 2.0 unx 40832 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
│ --rw------- 2.0 unx 785639 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/httpclient-4.5.14.jar
│ --rw------- 2.0 unx 11350 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
│ +-rw-r--r-- 2.0 unx 9405 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
│ +-rw-r--r-- 2.0 unx 40832 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
│ +-rw-r--r-- 2.0 unx 785639 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/httpclient-4.5.14.jar
│ +-rw-r--r-- 2.0 unx 11350 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
│ -rw-r--r-- 2.0 unx 16555 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/jcl-over-slf4j-1.7.36.jar
│ -rw-r--r-- 2.0 unx 40277 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/maven-resolver-connector-basic-1.9.16.jar
│ -rw-r--r-- 2.0 unx 16249 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/maven-resolver-transport-file-1.9.16.jar
│ -rw-r--r-- 2.0 unx 55689 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/maven-resolver-transport-http-1.9.16.jar
│ -rw-r--r-- 2.0 unx 327891 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/httpcore-4.4.16.jar
│ -rw-r--r-- 2.0 unx 360738 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/commons-codec-1.16.0.jar
│ -rw-r--r-- 2.0 unx 32488 b- defN 23-Oct-01 18:38
apache-maven-3.9.5/lib/maven-resolver-transport-wagon-1.9.16.jar
│ --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
Regards,
Hervé
On 2023/10/01 19:07:05 Tamás Cservenák wrote:
Howdy,
Note: This release completes the main goals of Maven 3.9.x lineage,
among
others moving to Java 8 and transition to latest Resolver 1.9.x
features
(new robust transports, local repository locking, provided checksums,
remote repository filtering and more). Maven Resolver 1.9.x lineage is
already in "bugfix only" (no new features) maintenance mode, and this
makes
Maven 3.9.x lineage getting into this maintenance mode as well. I do
foresee some more Maven 3.9.x releases with usual fluff (bug fixes,
lifecycle plugin updates), but the focus should move to upcoming Maven
4,
Resolver 2 and mvnd (at least when "core" is considered).
---
We solved 8 issues:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316922&version=12353460
There are still a couple of issues left in JIRA:
https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20resolution%20%3D%20Unresolved
Staging repo:
https://repository.apache.org/content/repositories/maven-1995
Dev dist directory (binary bundles updated):
https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/
Source release checksums:
apache-maven-3.9.5-src.zip sha512:
f1e7f36a6423c4f6d98e599120ede3a9f9f62448edeb2d49ffbdc05e36548190049bc83aae4f49e3305da1060d7b8e49477a55cb78b938951fd41ab3d360995f
apache-maven-3.9.5-src.tar.gz sha512:
fd8f9c4f3c6af001d11146102ba491b248163cd45d8be16907f7dcdc763eef4a081a02286b28a74de7f48c3f377a0a4491d2fa9155c906466aa3c831a5b4ef8e
Staged site:
https://maven.apache.org/ref/3-LATEST/
Draft for release notes:
https://github.com/apache/maven-site/pull/458
Guide to testing staged releases:
http://maven.apache.org/guides/development/guide-testing-releases.html
Vote open for 72h
[ ] +1
[ ] +0
[ ] -1
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org