anukalp2804 commented on code in PR #11584:
URL: https://github.com/apache/maven/pull/11584#discussion_r2768960134
##########
compat/maven-artifact/src/main/java/org/apache/maven/artifact/Artifact.java:
##########
@@ -37,9 +37,22 @@
*/
public interface Artifact extends Comparable<Artifact> {
+ /**
+ * @deprecated
+ * The use of the {@code RELEASE} version is discouraged because it results
+ * in non-reproducible builds and exposes projects to potential
+ * supply chain attacks.
+ * Use explicit versions instead.
+ */
@Deprecated(since = "4.0.0")
String RELEASE_VERSION = "RELEASE";
+ /**
+ * @deprecated
+ * The use of the {@code LATEST} version is discouraged because it results
+ * in non-reproducible builds.
Review Comment:
Good point — I’ve updated the deprecation note to mention the supply chain
risk as suggested.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
