Albert,
I think you are confusing the metadata.XML files from the pom.XML files
the metadata sonatype are referring to is the metametadata (ie
metadata.xml files) and nit the artifact metadata (ie pom.xml files)
there are places in central where the metametadata is incorrect. let's
get those fixed
pom's are more subjective: is log4j 1.2.14 a bad pom? it lists all the
dependencies with compile scope and without optional=true
in my case, it is a bad pom because on a point release started pulling
in windows nt logging support, and my app breaks with that support in
place... but it is still a valid pom and it is still a "correct" pom
I could argue that the dependencies could be optional, others could
argue that instead the whole log4j should be refactored into multiple
artifacts pulling in each of the dependencies I think should be
optional... none of us are correct
I could argue that a pom which does not list a license is broken...
others might say that code in the public domain has no license, so
their pom would be incorrect to list a license
I could have a closed source artifact on central, so no scm, no
developers, no distMgnt, no build, no reporting... and that is still a
valid pom
the only metadata we can prove to be incorrect is the metametadata...
and thankfully that can be reconstructed from the pom files
Sent from my [rhymes with tryPod] ;-)
On 6 Oct 2009, at 18:30, Albert Kurucz <[email protected]> wrote:
Brian,
This is why in suggestion 1) I said lets get some code to validate
the
artifacts.
Reading this article I thought you already have that
http://www.think88.com/resources/Maven_white_paper_june_2009.pdf
"
Sonatype maintains a central repository with more than 90,000
artifacts,
consuming more than 60 GB of storage. In addition to the artifacts
themselves, the
Maven Central Repository also contains a POM-file for each of the
artifacts,
containing the meta data for these artifacts. To protect the
integrity of the
repository, Sonatype checks the meta data for correctness. If the
meta data is
erroneous, the artifact can’t be uploaded.
"
On Tue, Oct 6, 2009 at 12:19 PM, Brian Fox <[email protected]> wrote:
On Tue, Oct 6, 2009 at 9:30 AM, Albert Kurucz <[email protected]
> wrote:
Tamas, I cannot predict when, but once it will be done in a "machine
way" or a mathematical/logical proof will be discovered that it is
impossible. Agreed, it will not be easy.
This is why in suggestion 1) I said lets get some code to validate
the
artifacts. Having a suite of validation rules implemented hurts noone
and then people can choose to use them or not, it's just like the
bunch of enforcer rules we already have.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
