Hey Brian, > I recently came across a concerning issue regarding the Atlassian > repository used now to house the clover tools and clover maven plugin. > This repository contains many artifacts that are duplicated on the > central repository but are not authored (that I can tell) by Atlassian. > Even more concerning, I have found snapshots of certain artifacts, > specifically org.apache.maven.plugins are hosted here.
This is also concerning to us. We have been working on an internal project to clean up our build system and our repositories - so currently a work in progress. I think some developers here have ended up publishing some maven plugins to the Atlassian public repository because they were not aware of the Maven Snapshot repository. > This can cause lots of grief to users of the Atlassian tools by > introducing incorrect artifacts into their build. I personally observed > this today and spent some time tracing it back to this repository. We have had a lot of issues with this ourselves. Before I was hired Atlassian did not have someone who really looked after this at all. So in the next few months you should see these sorts of issues go away. > > Duplicated artifacts after a quick compare of Atlassian and > http://repo1.maven.org/maven2 > > > > Org/tmatesoft/svnkit > > Org/openxri/ > > Org/openid4java > > Org/jfree (jfree on repo1) > > Org/codehaus/cargo ****snapshots > > Org/codehaus/xfire > > Org/apache/* ****Snapshots of plugins among others Some of these may have been patched along the way. Ill add this to my list of artifacts to review. > The best practice is not to mix snapshots and releases together in the > same repository. Even though maven can be told which repos to use for > snapshots and releases, the metadata from a merged repository such as > Atlassian can contain information about snapshots that causes build > problems. > > As a service to your users, my strong suggestion is to remove all > artifacts that already exist on central, most importantly org/apache and > org/codehaus. I would also suggest that snapshots of all artifacts be > removed from this repo and placed in a separate snapshot repository. The split has been made some months back - all of our builds now deploy to either release or snapshot repositories but we have not yet separated the existing artifacts from their released and snapshot counterparts. Thanks for your concerns and advice. Ill the list posted on how we progress. Cheers James --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
