[jira] [Comment Edited] (TIKA-3648) Fail build if ossindex-maven-plugin violation is detected

Tue, 18 Jan 2022 12:26:22 -0800 


    [ 
https://issues.apache.org/jira/browse/TIKA-3648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17477407#comment-17477407
 ] 

Tim Allison edited comment on TIKA-3648 at 1/18/22, 8:25 PM:
-------------------------------------------------------------

We used to do this.  It was a pain for folks trying to build earlier tags 
locally.  See TIKA-2980 and TIKA-2887, and I think a couple of emails on user@ 
or dev@.

The build can also break during the release process, which is less than 
entirely fun.

I've documented in the Tika release notes that the release manager should run a 
check to ensure a clean build at the point in time right before running the 
release.

I'm not -1 on this.  I'm willing to give it a try again, but I did want to 
document that we used to do this and made the choice to turn it off.


was (Author: [email protected]):
We used to do this.  It was a pain for folks trying to build earlier tags 
locally.  See TIKA-2980 and TIKA-2887, and I think a couple of emails on user@ 
or dev@.

The build can also break during the release process, which is less than 
entirely fun.

I've documented in the Tika release notes that the release manager should run a 
check to ensure a clean build at the point in time right before running the 
release.

I'm not -1 on this.  I willing to give it a try again, but I did want to 
document that we used to do this and made the choice to turn it off.

> Fail build if ossindex-maven-plugin violation is detected
> ---------------------------------------------------------
>
>                 Key: TIKA-3648
>                 URL: https://issues.apache.org/jira/browse/TIKA-3648
>             Project: Tika
>          Issue Type: Improvement
>          Components: build, security
>    Affects Versions: 2.2.1
>            Reporter: Lewis John McGibbney
>            Assignee: Lewis John McGibbney
>            Priority: Critical
>             Fix For: 2.2.2
>
>
> The ossindex-maven-plugin can really assist us in detecting and preventing 
> security vulnerabilities and also mitigating associated risk and exposure.
> I propose to fail the build if ossindex-maven-plugin violation is detected
> https://github.com/apache/tika/blob/main/tika-parent/pom.xml#L639



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to