All, Now that we are using the ossindex-maven-plugin, there's an annoying feature for folks trying to build earlier releases...namely they can't if a new vulnerability has crept in since we made the release. Is there a elegant way to handle this? My knuckle-dragger idea would be to set it to "warn" for the tagged release as part of the release process, and then turn it back to "fail the build" for our working branches. Any better ideas?
Cheers,
Tim
