Yeah,
this was exactly my question: which 1.1.1 jars are the "good" ones?

If those served _currently_, then we are in trouble, since both 1.1.1 and
1.1.2 introduce the GZIP + Content-Length bug, and we (Nexus) have nowhere
to "escape" to (1.1.0 is also broken, AFAIK)! Checkmate.

It would be nice to have build6 back, with version like Brian proposes
(1.1.1-b6), to make it buildable by everyone out there. We will make the
proper changes in Nexus POMs, once you make it accessible over your repo.

Note: Brian meant version 1.1.2, not 1.2.1 I assume.

~t~

On Wed, Feb 25, 2009 at 7:35 PM, Brian E. Fox <[email protected]> wrote:

> Hi Thierry,
> Is it possible to restore the original 1.1.1 perhaps as 1.1.1-b6 so that we
> know there is a valid version? The major concern is that the current 1.1.1
> is broken like 1.2.1 so our only alternative is to disconnect the proxy and
> deploy it to our 3rd party manually.
>
> --Brian Fox
> Apache Maven PMC
>
> -----Original Message-----
> From: Thierry Boileau [mailto:[email protected]]
> Sent: Wednesday, February 25, 2009 1:31 PM
> To: [email protected]
> Subject: Re: maven.restlet.org repository misbehaving
>
> Hello Tamás,
>
> we don't intentionally update released artifacts. Once released they are
> not normally updated, however, I recognize this thing happened. I don't
> remember exactly when (maybe in November) but it was a mistake.
>
>  >we were chasing some build issues in Nexus -- that were very strange
> -- and after a long investigation narrowed it to you.
> I'm particularly sorry about that.
>
> best regards,
> Thierry Boileau
>
> > Hi there,
> >
> > we were chasing some build issues in Nexus -- that were very strange
> > -- and after a long investigation narrowed it to You.
> >
> > What was the issue: one of our developers built Nexus after a long
> > time not doing so, and his build behaved completely broken, as
> > regarding to restlet REST services. The issue he had was _very_
> > similar to those reported in my mail few weeks ago (GZIP and content
> > length, confirmed by Thierry in 1.1.2!).
> >
> > The interesting thing was, that in Nexus, we use _released_ artifacts
> > of restlet JARs, specifically the version 1.1.1 (stepped back from
> > 1.1.2 because of "GZIP and content length" problem).
> >
> > Furthermore, Sonatype is proxying the maven.restlet.org
> > <http://maven.restlet.org> repository (to lessen the hit of the
> > grid.sonatype.org <http://grid.sonatype.org> CI machines), and some of
> > our developers are using the proxy repository instead of direct
> > accessing the maven.restlet.org <http://maven.restlet.org>. The
> > developer in question was _not_ using repository.sonatype.org
> > <http://repository.sonatype.org> proxy, he was accessing the
> > maven.repository.org <http://maven.repository.org> directly. And
> > interestingly, his builds were totally hosed, and were producing the
> > _exactly_ same "GZIP + content length" issue that was found in 1.1.2,
> > but not in 1.1.1 (up to now).
> >
> > As it turned out, the maven.restlet.org <http://maven.restlet.org>
> > _release_ repository artifacts are _changed_ after they are deployed.
> > This is violating the Maven Remote Repository contract in its roots.
> >
> > What I detected up to now:
> >
> > 1. The _release_ JAR files _change_ in time! At least, the Restlet
> > engine of 1.1.1 release _did_ change silently.
> >
> > Example:
> > users accessing restlet proxy repository over repository.sonatype.org
> > <http://repository.sonatype.org> pulled the
> > com.noelios.restlet-1.1.1.jar (restlet engine) once, and Nexus (just
> > like Maven!!!), will _never_ again check for new _release_ artifact.
> > It simply does not make sense. A release is released, put in
> > concrete, and it does not change in time. The "moving targets" are
> > snapshots only.
> >
> > Right now, there are potentially multiple versions of restlet JARs out
> > there. Just like this:
> >
> >
> > http://maven.restlet.org/com/noelios/restlet/com.noelios.restlet/1.1.1/com.noelios.restlet-1.1.1.jar
> >
> > If you download this JAR from maven.restlet.org
> > <http://maven.restlet.org>, and download the same JARs from Nexus
> > proxying maven.restlet.org <http://maven.restlet.org>:
> >
> >
> > http://repository.sonatype.org/content/repositories/restlet/com/noelios/restlet/com.noelios.restlet/1.1.1/com.noelios.restlet-1.1.1.jar
> >
> > (this jar is proxied from maven.restlet.org <http://maven.restlet.org>
> > at Nov 15 2008). You will end up with two different jars:
> >
> > Coming from maven.restlet.org <http://maven.restlet.org> in this very
> > moment:
> > SHA1(com.noelios.restlet-1.1.1.jar)=
> > 051b7b6bb01356aa296705e71fec82ab02f1f977
> > Meta-inf says: Implementation-Version: 1.1.1 (build 18)
> > Has GZIP + Content Length bug introduced
> >
> > Came from maven.restlet.org <http://maven.restlet.org> at Nov 15 2008:
> > SHA1(com.noelios.restlet-1.1.1.jar)=
> > ac28b0e9d5a7b0513c2aab495094b51515e40162
> > Meta-inf says: Implementation-Version: 1.1.1 (build 6)
> > Has _no_ GZIP + Content Length bug introduced
> >
> > 2. (minor but interesting) LastChanged header that is returned by
> > maven.restlet.org <http://maven.restlet.org> repository is always
> > _now_ (current date up to the second). This is bad, and makes
> > detection of remote file change using HEAD impossible.
> >
> > Please, stop doing this. Or don't host a Maven Repository.
> >
> > This actually means, that you are making your Maven Repository
> > consumers _unable_ to guarantee consistent/reproducible builds.
> >
> > Just like Nexus OSS trunk is broken for everybody out there building
> > it by accessing your maven.restlet.org <http://maven.restlet.org>
> > repository. But our builds made on CI machines will be fine, since
> > they are picking up "build 6" of restlet engine, that has no GZIP bug
> > introduced (yet).
> >
> > Thanks,
> > ~t~
>
> ------------------------------------------------------
>
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1228076
>
> ------------------------------------------------------
>
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1228132

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1228233
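
The comparison described in the thread (same release coordinate, different SHA-1 and a different `Implementation-Version` in the manifest) can be automated by pinning the digest at first fetch and flagging any later copy that differs. This is an added example, not code from the thread or from Nexus or Restlet; the JARs are constructed in memory as stand-ins, and `make_jar` and `check_release` are hypothetical names. SHA-1 is used because it is the digest quoted in the thread; `hashlib.sha256` drops in the same way.

```python
import hashlib
import io
import zipfile

# Coordinate taken from the repository path quoted in the thread.
COORD = "com.noelios.restlet:com.noelios.restlet:1.1.1"

def make_jar(build):
    """Constructed stand-in for a release JAR: a zip holding only a manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        entry = zipfile.ZipInfo("META-INF/MANIFEST.MF",
                                date_time=(2008, 11, 15, 0, 0, 0))
        zf.writestr(entry, "Manifest-Version: 1.0\r\n"
                           f"Implementation-Version: 1.1.1 (build {build})\r\n")
    return buf.getvalue()

def implementation_version(jar_bytes):
    """Read Implementation-Version from META-INF/MANIFEST.MF, or None if absent."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8")
    for line in manifest.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "Implementation-Version":
            return value.strip()
    return None

def check_release(coordinate, jar_bytes, pins):
    """Compare a fetched release artifact with the digest pinned at first fetch."""
    actual = hashlib.sha1(jar_bytes).hexdigest()
    result = {"actual": actual, "version": implementation_version(jar_bytes)}
    if coordinate not in pins:
        pins[coordinate] = actual  # first sighting of this release becomes the pin
        return {**result, "status": "pinned", "expected": actual}
    expected = pins[coordinate]    # the pin is never overwritten by a later copy
    status = "ok" if actual == expected else "CHANGED"
    return {**result, "status": status, "expected": expected}

if __name__ == "__main__":
    pins = {}
    fetches = [("proxy cache", make_jar(6)),
               ("proxy cache again", make_jar(6)),
               ("upstream today", make_jar(18))]
    for label, jar in fetches:
        print(label, check_release(COORD, jar, pins))
```
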
