Hi Jacques, all,
we should try to publish the Gradle Wrapper to Maven Central, right?
Regards,
Michael Brohl
ecomify GmbH - www.ecomify.de
Am 22.02.21 um 14:08 schrieb Jacques Le Roux:
Hi,
I created https://issues.apache.org/jira/browse/OFBIZ-12186 for that.
It's much more simple that I feared.
I'll soon commit the attached verification-metadata.xml file there, if
nobody oppose.
We will later need to update it when updating dependencies.
So I'll also update
https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check
As actually we no longer use OWASP+Dependency+Check (does not fit with
Gradle), we need to remove this page but keep the last section in a
new page. With the switch from jcenter to Maven Central we also need
to modify this last section.
We also need to update
https://cwiki.apache.org/confluence/display/OFBIZ/Release+Management+Guide+for+OFBiz
https://cwiki.apache.org/confluence/display/OFBIZ/Load+new+gradle+wrapper+version+on+bintray
https://issues.apache.org/jira/browse/OFBIZ-10213
I'll do so in relation, with OFBIZ-12186
Jacques
Le 13/02/2021 à 12:50, Jacques Le Roux a écrit :
Hi,
I just read a members thread about this article:
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
One member mentioned that the Groovy project is using the Gradle's
dependency verification feature[1] in the Apache Groovy build.
I suggest we do the same, even after the move from JCenter to
MavenCentral where things should be safer.
What do you think?
[1]
https://docs.gradle.org/current/userguide/dependency_verification.html
<https://docs.gradle.org/current/userguide/dependency_verification.html>
Jacques
