[GitHub] [maven-mvnd] mxsm opened a new issue, #752: Build Rocketmq error
mxsm opened a new issue, #752: URL: https://github.com/apache/maven-mvnd/issues/752 ![image](https://user-images.githubusercontent.com/15797831/206891335-09eef700-0fb0-48a7-ab2e-289bd50d35d7.png) ```shell mvnd -Prelease-all -DskipTests -Dquickly clean install -U ``` platform: windows10 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645728#comment-17645728 ] ASF GitHub Bot commented on MNGSITE-503: kwin commented on code in PR #354: URL: https://github.com/apache/maven-site/pull/354#discussion_r1045181161 ## pom.xml: ## @@ -232,6 +232,33 @@ --> + + +org.codehaus.mojo +build-helper-maven-plugin +3.3.0 + + +create-security.txt-timestamp +pre-site + + timestamp-property + + + maven.security.expires + -MM-dd'T'HH:mm:ssXXX + add .well-known/security.txt > > > Key: MNGSITE-503 > URL: https://issues.apache.org/jira/browse/MNGSITE-503 > Project: Maven Project Web Site > Issue Type: Improvement >Reporter: Benjamin Marwell >Assignee: Benjamin Marwell >Priority: Major > Labels: security > > As per consensus on the mailing list (+1 from [~rmannibucau] and me), we > should add a file `.well-known/security.txt`. > I will prepare a PR. > References: > * [.well-known/security.txt at maven.apache.org > (mail-archive.com)|https://www.mail-archive.com/dev@maven.apache.org/msg128366.html] > * [.well-known/security.txt at maven.apache.org-Apache Mail > Archives|https://lists.apache.org/thread/tvfg1lx9nd72c9t4t4s3zlx6l0tpnmwy] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-site] kwin commented on a diff in pull request #354: [MNGSITE-503] add .well-known/security.txt
kwin commented on code in PR #354: URL: https://github.com/apache/maven-site/pull/354#discussion_r1045181161 ## pom.xml: ## @@ -232,6 +232,33 @@ --> + + +org.codehaus.mojo +build-helper-maven-plugin +3.3.0 + + +create-security.txt-timestamp +pre-site + + timestamp-property + + + maven.security.expires + -MM-dd'T'HH:mm:ssXXX + Review Comment: ```suggestion ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
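Review bot: the `timestamp-property` execution (`create-security.txt-timestamp`, phase `pre-site`) fills `maven.security.expires` from the build clock, and the configuration visible here stops at the pattern, so nothing shown moves the value into the future. A security.txt `Expires` field has to be a future date, so if the remaining lines do not already set the goal's `offset` and `unit` parameters, they should. The value then stays valid only while the site is rebuilt and redeployed before it lapses, which deserves a comment in the pom. The pattern as it reads in this mail (`-MM-dd'T'HH:mm:ssXXX`) has no year field, so check it against the PR itself.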
[jira] [Commented] (MRESOLVER-307) Support listing of workspace artifacts
[ https://issues.apache.org/jira/browse/MRESOLVER-307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645726#comment-17645726 ] ASF GitHub Bot commented on MRESOLVER-307: -- laeubi commented on PR #230: URL: https://github.com/apache/maven-resolver/pull/230#issuecomment-1345467776 @cstamas @olamy maybe you can take a look here? > Support listing of workspace artifacts > -- > > Key: MRESOLVER-307 > URL: https://issues.apache.org/jira/browse/MRESOLVER-307 > Project: Maven Resolver > Issue Type: Improvement >Reporter: Christoph Läubrich >Priority: Major > > Currently the WorkspaceReader has a way to list versions or resolve the file > for an artifact, but there is no way of really getting a list of workspace > artifacts itself. > The javadoc states: > {quote}Manages a repository backed by the IDE workspace, a build session or a > similar ad-hoc collection of artifacts.{quote} > so the goal is to have a way of getting hold of the "collection of artifacts" > this WorkspaceReader manages.
[GitHub] [maven-resolver] laeubi commented on pull request #230: MRESOLVER-307 - Support listing of workspace artifacts
laeubi commented on PR #230: URL: https://github.com/apache/maven-resolver/pull/230#issuecomment-1345467776 @cstamas @olamy maybe you can take a look here?
[jira] [Commented] (MRESOLVER-307) Support listing of workspace artifacts
[ https://issues.apache.org/jira/browse/MRESOLVER-307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645725#comment-17645725 ] ASF GitHub Bot commented on MRESOLVER-307: -- laeubi opened a new pull request, #230: URL: https://github.com/apache/maven-resolver/pull/230 Add support for listing artifacts a `WorkspaceReader` knows about. See https://issues.apache.org/jira/browse/MRESOLVER-307 Currently the build fails because of an incompatibility: > There is at least one incompatibility: > org.eclipse.aether.repository.WorkspaceReader.listArtifacts():METHOD_NEW_DEFAULT As `WorkspaceReader` is a very specialized class and there is a default implementation I won't expect many problems but I'm not sure how to handle this here. Maybe it would be better to even not default implement it to make consumers aware of the new method? Any guidance would be appreciated. > Support listing of workspace artifacts > -- > > Key: MRESOLVER-307 > URL: https://issues.apache.org/jira/browse/MRESOLVER-307 > Project: Maven Resolver > Issue Type: Improvement >Reporter: Christoph Läubrich >Priority: Major > > Currently the WorkspaceReader has a way to list versions or resolve the file > for an artifact, but there is no way of really getting a list of workspace > artifacts itself. > The javadoc states: > {quote}Manages a repository backed by the IDE workspace, a build session or a > similar ad-hoc collection of artifacts.{quote} > so the goal is to have a way of getting hold of the "collection of artifacts" > this WorkspaceReader manages.
[GitHub] [maven-resolver] laeubi opened a new pull request, #230: MRESOLVER-307 - Support listing of workspace artifacts
laeubi opened a new pull request, #230: URL: https://github.com/apache/maven-resolver/pull/230 Add support for listing artifacts a `WorkspaceReader` knows about. See https://issues.apache.org/jira/browse/MRESOLVER-307 Currently the build fails because of an incompatibility: > There is at least one incompatibility: > org.eclipse.aether.repository.WorkspaceReader.listArtifacts():METHOD_NEW_DEFAULT As `WorkspaceReader` is a very specialized class and there is a default implementation I won't expect many problems but I'm not sure how to handle this here. Maybe it would be better to even not default implement it to make consumers aware of the new method? Any guidance would be appreciated.
[jira] [Created] (MRESOLVER-307) Support listing of workspace artifacts
Christoph Läubrich created MRESOLVER-307: Summary: Support listing of workspace artifacts Key: MRESOLVER-307 URL: https://issues.apache.org/jira/browse/MRESOLVER-307 Project: Maven Resolver Issue Type: Improvement Reporter: Christoph Läubrich Currently the WorkspaceReader has a way to list versions or resolve the file for an artifact, but there is no way of really getting a list of workspace artifacts itself. The javadoc states: {quote}Manages a repository backed by the IDE workspace, a build session or a similar ad-hoc collection of artifacts.{quote} so the goal is to have a way of getting hold of the "collection of artifacts" this WorkspaceReader manages.
[jira] [Commented] (MSKINS-198) Don't apply font size for in heading elements
[ https://issues.apache.org/jira/browse/MSKINS-198?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645695#comment-17645695 ] Hudson commented on MSKINS-198: --- Build succeeded in Jenkins: Maven » Maven TLP » maven-fluido-skin » master #42 See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-fluido-skin/job/master/42/ > Don't apply font size for in heading elements > -- > > Key: MSKINS-198 > URL: https://issues.apache.org/jira/browse/MSKINS-198 > Project: Maven Skins > Issue Type: Bug > Components: Fluido Skin >Affects Versions: fluido-1.11.1 >Reporter: Michael Osipov >Assignee: Michael Osipov >Priority: Major > Fix For: fluido-next-release > > Attachments: image-2022-12-10-23-59-21-326.png, > image-2022-12-11-00-01-12-584.png > > > When using Markdown and heading contains code elements with backtick those > are converted to {{}} inside {{}} elements. Bootstrap is not > aware that this is possible and overrides the font size of the heading > element to the one of {{{}{}}}. An ugly example is the Maven Resolver > page: > !image-2022-12-10-23-59-21-326.png! > The {{-X}} is not expected to look that tiny. Unset the font size of {{ />}} here. > Expected: > !image-2022-12-11-00-01-12-584.png! > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MSKINS-198) Don't apply font size for in heading elements
[ https://issues.apache.org/jira/browse/MSKINS-198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov closed MSKINS-198. - Resolution: Fixed Fixed with [da7e4c8f1220b46d2ff4fda3302d306b75fac5b6|https://gitbox.apache.org/repos/asf?p=maven-fluido-skin.git;a=commit;h=da7e4c8f1220b46d2ff4fda3302d306b75fac5b6]. > Don't apply font size for in heading elements > -- > > Key: MSKINS-198 > URL: https://issues.apache.org/jira/browse/MSKINS-198 > Project: Maven Skins > Issue Type: Bug > Components: Fluido Skin >Affects Versions: fluido-1.11.1 >Reporter: Michael Osipov >Assignee: Michael Osipov >Priority: Major > Fix For: fluido-next-release > > Attachments: image-2022-12-10-23-59-21-326.png, > image-2022-12-11-00-01-12-584.png > > > When using Markdown and heading contains code elements with backtick those > are converted to {{}} inside {{}} elements. Bootstrap is not > aware that this is possible and overrides the font size of the heading > element to the one of {{{}{}}}. An ugly example is the Maven Resolver > page: > !image-2022-12-10-23-59-21-326.png! > The {{-X}} is not expected to look that tiny. Unset the font size of {{ />}} here. > Expected: > !image-2022-12-11-00-01-12-584.png! > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MSKINS-198) Don't apply font size for in heading elements
[ https://issues.apache.org/jira/browse/MSKINS-198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov updated MSKINS-198: -- Description: When using Markdown and heading contains code elements with backtick those are converted to {{}} inside {{}} elements. Bootstrap is not aware that this is possible and overrides the font size of the heading element to the one of {{{}{}}}. An ugly example is the Maven Resolver page: !image-2022-12-10-23-59-21-326.png! The {{-X}} is not expected to look that tiny. Unset the font size of {{}} here. Expected: !image-2022-12-11-00-01-12-584.png! was: When using Markdown and heading contains code elements with backtick those are converted to {{}} inside {{}} elements. Bootstrap is not aware that this is possible and overrides the font size of the heading element to the one of {{{}{}}}. An ugly example is the Maven Resolver page: !image-2022-12-10-23-59-21-326.png! The {{-X}} is not expected to look that tiny. Unset the font size of {{}} here. Expected: !image-2022-12-11-00-01-12-554.png! > Don't apply font size for in heading elements > -- > > Key: MSKINS-198 > URL: https://issues.apache.org/jira/browse/MSKINS-198 > Project: Maven Skins > Issue Type: Bug > Components: Fluido Skin >Affects Versions: fluido-1.11.1 >Reporter: Michael Osipov >Assignee: Michael Osipov >Priority: Major > Fix For: fluido-next-release > > Attachments: image-2022-12-10-23-59-21-326.png, > image-2022-12-11-00-01-12-584.png > > > When using Markdown and heading contains code elements with backtick those > are converted to {{}} inside {{}} elements. Bootstrap is not > aware that this is possible and overrides the font size of the heading > element to the one of {{{}{}}}. An ugly example is the Maven Resolver > page: > !image-2022-12-10-23-59-21-326.png! > The {{-X}} is not expected to look that tiny. Unset the font size of {{ />}} here. > Expected: > !image-2022-12-11-00-01-12-584.png! 
[jira] [Updated] (MSKINS-198) Don't apply font size for in heading elements
[ https://issues.apache.org/jira/browse/MSKINS-198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov updated MSKINS-198: -- Description: When using Markdown and heading contains code elements with backtick those are converted to {{}} inside {{}} elements. Bootstrap is not aware that this is possible and overrides the font size of the heading element to the one of {{{}{}}}. An ugly example is the Maven Resolver page: !image-2022-12-10-23-59-21-326.png! The {{-X}} is not expected to look that tiny. Unset the font size of {{}} here. Expected: !image-2022-12-11-00-01-12-554.png! was: When using Markdown and heading contains code elements with backtick those are converted to {{}} inside {{}} elements. Bootstrap is not aware that this is possible and overrides the font size of the heading element to the one of {{}}. An ugly example is the Maven Resolver page: !image-2022-12-10-23-59-21-326.png! The {{-X}} is not expected to look that tiny. Unset the font size of {{}} here. > Don't apply font size for in heading elements > -- > > Key: MSKINS-198 > URL: https://issues.apache.org/jira/browse/MSKINS-198 > Project: Maven Skins > Issue Type: Bug > Components: Fluido Skin >Affects Versions: fluido-1.11.1 >Reporter: Michael Osipov >Assignee: Michael Osipov >Priority: Major > Fix For: fluido-next-release > > Attachments: image-2022-12-10-23-59-21-326.png, > image-2022-12-11-00-01-12-584.png > > > When using Markdown and heading contains code elements with backtick those > are converted to {{}} inside {{}} elements. Bootstrap is not > aware that this is possible and overrides the font size of the heading > element to the one of {{{}{}}}. An ugly example is the Maven Resolver > page: > !image-2022-12-10-23-59-21-326.png! > The {{-X}} is not expected to look that tiny. Unset the font size of {{ />}} here. > Expected: > !image-2022-12-11-00-01-12-554.png! > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MSKINS-198) Don't apply font size for in heading elements
[ https://issues.apache.org/jira/browse/MSKINS-198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov updated MSKINS-198: -- Attachment: image-2022-12-11-00-01-12-584.png > Don't apply font size for in heading elements > -- > > Key: MSKINS-198 > URL: https://issues.apache.org/jira/browse/MSKINS-198 > Project: Maven Skins > Issue Type: Bug > Components: Fluido Skin >Affects Versions: fluido-1.11.1 >Reporter: Michael Osipov >Assignee: Michael Osipov >Priority: Major > Fix For: fluido-next-release > > Attachments: image-2022-12-10-23-59-21-326.png, > image-2022-12-11-00-01-12-584.png > > > When using Markdown and heading contains code elements with backtick those > are converted to {{}} inside {{}} elements. Bootstrap is not > aware that this is possible and overrides the font size of the heading > element to the one of {{}}. An ugly example is the Maven Resolver > page: > !image-2022-12-10-23-59-21-326.png! > The {{-X}} is not expected to look that tiny. Unset the font size of {{ />}} here. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MSKINS-198) Don't apply font size for in heading elements
Michael Osipov created MSKINS-198: - Summary: Don't apply font size for in heading elements Key: MSKINS-198 URL: https://issues.apache.org/jira/browse/MSKINS-198 Project: Maven Skins Issue Type: Bug Components: Fluido Skin Affects Versions: fluido-1.11.1 Reporter: Michael Osipov Assignee: Michael Osipov Fix For: fluido-next-release Attachments: image-2022-12-10-23-59-21-326.png When using Markdown and heading contains code elements with backtick those are converted to {{}} inside {{}} elements. Bootstrap is not aware that this is possible and overrides the font size of the heading element to the one of {{}}. An ugly example is the Maven Resolver page: !image-2022-12-10-23-59-21-326.png! The {{-X}} is not expected to look that tiny. Unset the font size of {{}} here. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MSKINS-197) CSS never applied to and in section elements
[ https://issues.apache.org/jira/browse/MSKINS-197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645691#comment-17645691 ] Hudson commented on MSKINS-197: --- Build succeeded in Jenkins: Maven » Maven TLP » maven-fluido-skin » master #40 See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-fluido-skin/job/master/40/ > CSS never applied to and in section elements > - > > Key: MSKINS-197 > URL: https://issues.apache.org/jira/browse/MSKINS-197 > Project: Maven Skins > Issue Type: Bug > Components: Fluido Skin >Affects Versions: fluido-1.11.1 >Reporter: Michael Osipov >Assignee: Michael Osipov >Priority: Major > Fix For: fluido-next-release > > > [This > line|https://github.com/apache/maven-fluido-skin/blob/7fffaa7e466f1b9f54af2bbe3280d67d3e279451/src/main/resources/css/maven-base.css#L22] > applies CSS rules to non-existing classes throughout the skin, I assume that > those were meant for section blocks, not classes. Moreover, the rules are > duplicated for some reason. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (MSKINS-197) CSS never applied to and in section elements
[ https://issues.apache.org/jira/browse/MSKINS-197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645689#comment-17645689 ] Michael Osipov edited comment on MSKINS-197 at 12/10/22 10:42 PM: -- Fixed with [a0d18819eefcc484bd331b4dead525a0bc2f5ab4|https://gitbox.apache.org/repos/asf?p=maven-fluido-skin.git;a=commit;h=a0d18819eefcc484bd331b4dead525a0bc2f5ab4]. was (Author: michael-o): Fixed with [fb289125ad547d1c47633faf4a60e594b8e963a0|https://gitbox.apache.org/repos/asf?p=maven-fluido-skin.git;a=commit;h=fb289125ad547d1c47633faf4a60e594b8e963a0]. > CSS never applied to and in section elements > - > > Key: MSKINS-197 > URL: https://issues.apache.org/jira/browse/MSKINS-197 > Project: Maven Skins > Issue Type: Bug > Components: Fluido Skin >Affects Versions: fluido-1.11.1 >Reporter: Michael Osipov >Assignee: Michael Osipov >Priority: Major > Fix For: fluido-next-release > > > [This > line|https://github.com/apache/maven-fluido-skin/blob/7fffaa7e466f1b9f54af2bbe3280d67d3e279451/src/main/resources/css/maven-base.css#L22] > applies CSS rules to non-existing classes throughout the skin, I assume that > those were meant for section blocks, not classes. Moreover, the rules are > duplicated for some reason. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MSKINS-197) CSS never applied to and in section elements
[ https://issues.apache.org/jira/browse/MSKINS-197?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov closed MSKINS-197. - Resolution: Fixed Fixed with [fb289125ad547d1c47633faf4a60e594b8e963a0|https://gitbox.apache.org/repos/asf?p=maven-fluido-skin.git;a=commit;h=fb289125ad547d1c47633faf4a60e594b8e963a0]. > CSS never applied to and in section elements > - > > Key: MSKINS-197 > URL: https://issues.apache.org/jira/browse/MSKINS-197 > Project: Maven Skins > Issue Type: Bug > Components: Fluido Skin >Affects Versions: fluido-1.11.1 >Reporter: Michael Osipov >Assignee: Michael Osipov >Priority: Major > Fix For: fluido-next-release > > > [This > line|https://github.com/apache/maven-fluido-skin/blob/7fffaa7e466f1b9f54af2bbe3280d67d3e279451/src/main/resources/css/maven-base.css#L22] > applies CSS rules to non-existing classes throughout the skin, I assume that > those were meant for section blocks, not classes. Moreover, the rules are > duplicated for some reason. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MSKINS-197) CSS never applied to and in section elements
Michael Osipov created MSKINS-197: - Summary: CSS never applied to and in section elements Key: MSKINS-197 URL: https://issues.apache.org/jira/browse/MSKINS-197 Project: Maven Skins Issue Type: Bug Components: Fluido Skin Affects Versions: fluido-1.11.1 Reporter: Michael Osipov Assignee: Michael Osipov Fix For: fluido-next-release [This line|https://github.com/apache/maven-fluido-skin/blob/7fffaa7e466f1b9f54af2bbe3280d67d3e279451/src/main/resources/css/maven-base.css#L22] applies CSS rules to non-existing classes throughout the skin, I assume that those were meant for section blocks, not classes. Moreover, the rules are duplicated for some reason. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-6434) Cannot specify empty string for configuration value
[ https://issues.apache.org/jira/browse/MNG-6434?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645684#comment-17645684 ] Konrad Windszus commented on MNG-6434: -- Done in https://github.com/eclipse/sisu.plexus/issues/29. > Cannot specify empty string for configuration value > --- > > Key: MNG-6434 > URL: https://issues.apache.org/jira/browse/MNG-6434 > Project: Maven > Issue Type: Bug > Components: Plugin API >Affects Versions: 3.5.4 >Reporter: Chris Egerton >Priority: Major > Fix For: 4.0.x-candidate > > > We have a MOJO class that involves several user-configured parameters. Some > of these parameters have default values that we'd like to use in the event > that the user doesn't specify a value for them; however, we'd also like the > user to be able to explicitly specify that the parameter should _not_ have a > value. The approach we wanted to take was to specify default values in the > parameter's annotation: > {{@Parameter(property = "foo.bar", defaultValue = "${project.scm.url}")}} > {{private String foo;}} > And then detect empty strings as the user's way of saying "I know there's a > default value for this parameter but I'm sure that I'd actually like it to be > empty anyways.": > {{}} > {{ }} > {{}} > or > {{}} > {{ }} > {{}} > > However, there's been some trouble as we haven't found a way yet to > distinguish between an intentionally-empty string and one that hasn't been > specified at all; the value for foo is always null regardless. > Is there a friendly and/or intuitive way for the user to pass an empty string > as a parameter value? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (SUREFIRE-2087) rerunFailingTestsCount incorrectly marks failed parametrized test as pass
[ https://issues.apache.org/jira/browse/SUREFIRE-2087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Elliotte Rusty Harold updated SUREFIRE-2087: Priority: Major (was: Critical) > rerunFailingTestsCount incorrectly marks failed parametrized test as pass > - > > Key: SUREFIRE-2087 > URL: https://issues.apache.org/jira/browse/SUREFIRE-2087 > Project: Maven Surefire > Issue Type: Bug >Affects Versions: 3.0.0-M4 >Reporter: Ramanan Rajendran >Priority: Major > > rerunFailingTestsCount is not working as expected with junit5 > `@ParameterizedTest` > If 1st iteration of the test passes and the 2nd one fails, it still marks the > test as flaky passed. > Eg: In the following run, iteration 1 with input A passed but iteration 2 > with input B failed. Iteration 2 was rerun 2 times and failed in all the > attempts. Instead of failing TestA, it's marked as flaky giving an overall > pass for the test suite. I believe it's using the Run 1 PASS as a gate to > mark the whole test as a pass. > > [INFO] Run 1: PASS > [ERROR] Run 2: TestA.iteration2:101 1 expectation failed. > Expected status code <400> doesn't match actual status code <401>. > [ERROR] Run 3: TestA.iteration2:101 1 expectation failed. > Expected status code <400> doesn't match actual status code <401>. > [ERROR] Run 4: TestA.iteration2:101 1 expectation failed. > <400> doesn't match actual status code <401>. > > Tests run: 23, Failures: 0, Errors: 0, Skipped: 2, Flakes: 1 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Reopened] (SUREFIRE-2087) rerunFailingTestsCount incorrectly marks failed parametrized test as pass
[ https://issues.apache.org/jira/browse/SUREFIRE-2087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Elliotte Rusty Harold reopened SUREFIRE-2087: - > rerunFailingTestsCount incorrectly marks failed parametrized test as pass > - > > Key: SUREFIRE-2087 > URL: https://issues.apache.org/jira/browse/SUREFIRE-2087 > Project: Maven Surefire > Issue Type: Bug >Affects Versions: 3.0.0-M4 >Reporter: Ramanan Rajendran >Priority: Critical > > rerunFailingTestsCount is not working as expected with junit5 > `@ParameterizedTest` > If 1st iteration of the test passes and the 2nd one fails, it still marks the > test as flaky passed. > Eg: In the following run, iteration 1 with input A passed but iteration 2 > with input B failed. Iteration 2 was rerun 2 times and failed in all the > attempts. Instead of failing TestA, it's marked as flaky giving an overall > pass for the test suite. I believe it's using the Run 1 PASS as a gate to > mark the whole test as a pass. > > [INFO] Run 1: PASS > [ERROR] Run 2: TestA.iteration2:101 1 expectation failed. > Expected status code <400> doesn't match actual status code <401>. > [ERROR] Run 3: TestA.iteration2:101 1 expectation failed. > Expected status code <400> doesn't match actual status code <401>. > [ERROR] Run 4: TestA.iteration2:101 1 expectation failed. > <400> doesn't match actual status code <401>. > > Tests run: 23, Failures: 0, Errors: 0, Skipped: 2, Flakes: 1 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7563) User properties now override model properties in dependencies
[ https://issues.apache.org/jira/browse/MNG-7563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645681#comment-17645681 ] Michael Osipov commented on MNG-7563: - [~gnodet], [~slachiewicz], [~cstamas], [~rfscholte], what is your opinion on this? Please also read MNG-5982. > User properties now override model properties in dependencies > - > > Key: MNG-7563 > URL: https://issues.apache.org/jira/browse/MNG-7563 > Project: Maven > Issue Type: Bug > Components: Dependencies, POM >Affects Versions: 3.8.5, 3.8.6 >Reporter: Hervé Guillemet >Assignee: Michael Osipov >Priority: Major > Fix For: waiting-for-feedback > > Attachments: poms.zip > > > An important change has been introduced in 3.8.5 that breaks some existing > builds: Java system properties now take precedence over default values of > user properties in dependency POMs. This looks like a bug since it's now easy > to affect dependency behaviors with system properties, a practice that has > been discouraged. But maybe you consider this a new feature? > As an example, 3 poms are attached to this ticket. > After installing projects b and c, building project a with: > {{mvn package -Ddep=x}} > used to succeed until 3.8.4 (-D is ignored) but throws an error with 3.8.5 and > 3.8.6 (-D overrides the default). > Note that without the setting of the default value for property {{dep}} in > project b, the build fails with any version of Maven.
[jira] [Updated] (MNG-7563) User properties now override model properties in dependencies
[ https://issues.apache.org/jira/browse/MNG-7563?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov updated MNG-7563: Summary: User properties now override model properties in dependencies (was: Java system properties now override user properties in dependencies) > User properties now override model properties in dependencies > - > > Key: MNG-7563 > URL: https://issues.apache.org/jira/browse/MNG-7563 > Project: Maven > Issue Type: Bug > Components: Dependencies, POM >Affects Versions: 3.8.5, 3.8.6 >Reporter: Hervé Guillemet >Assignee: Michael Osipov >Priority: Major > Fix For: waiting-for-feedback > > Attachments: poms.zip > > > An important change has been introduced in 3.8.5 that breaks some existing > builds: Java system properties now take precedence over default values of > user properties in dependency POMs. This looks like a bug since it's now easy > to affect dependency behaviors with system properties, a practice that has > been discouraged. But maybe you consider this a new feature? > As an example, 3 poms are attached to this ticket. > After installing projects b and c, building project a with: > {{mvn package -Ddep=x}} > used to succeed until 3.8.4 (-D is ignored) but throws an error with 3.8.5 and > 3.8.6 (-D overrides the default). > Note that without the setting of the default value for property {{dep}} in > project b, the build fails with any version of Maven.
[jira] [Commented] (MNG-6564) Lack of ability to overwrite properties of specified dependencies
[ https://issues.apache.org/jira/browse/MNG-6564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645680#comment-17645680 ] Michael Osipov commented on MNG-6564: - Is this actually fixed with MNG-7417? > Lack of ability to overwrite properties of specified dependencies > - > > Key: MNG-6564 > URL: https://issues.apache.org/jira/browse/MNG-6564 > Project: Maven > Issue Type: New Feature > Components: Dependencies >Affects Versions: 3.3.9 >Reporter: Rik Schaaf >Priority: Major > > For example, if I want to update the flyway version to 4.2.0 in spring boot > 1.5 (by default Flyway 3.2.1) I want to do something like this: > {code:xml} > > 4.2.0 > 1.5.17.RELEASE > > > > > org.springframework.boot > spring-boot-dependencies > ${springboot.version} > pom > import > > > > {code} > The flyway dependency is already defined in the dependency management of > spring-boot-dependencies: > {code:xml} > > org.flywaydb > flyway-core > ${flyway.version} > > {code} > But that same pom also defines flyway.version to be 3.2.1. When I include the > flyway dependency in my own dependency management, my application does > correctly use Flyway 4.2.0, but if I only provide the property, it > incorrectly uses version 3.2.1, meaning that my property was ignored. I have > heard from others that you can forcefully override a property by using a > commandline parameter or an environment variable, but I would prefer to use a > property in my pom file instead. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MNG-7417) Several classes do not set properties properly for building requests
[ https://issues.apache.org/jira/browse/MNG-7417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov updated MNG-7417: Description: A sample case for this bug is {{DefaultArtifactDescriptorReader}}: When Resolver needs to resolve a transitive dependency it consults Maven Resolver Provider to create data. Here the properties of the repository system session are not properly passed with their respective scopes down to the model building request. When a POM now needs to be interpolated, the interpolation can fail. For long time Maven, unfortunately, promoted user properties to system properties making the available everywhere (expect this to be cleaned up in Maven 4). A prime example where this is broken: {{DefaultModelVersionProcessor}} uses for some strange reason system properties although CI Friendly Versions are user properties only. Fixing this component with: {noformat} --- a/maven-model-builder/src/main/java/org/apache/maven/model/interpolation/DefaultModelVersionProcessor.java +++ b/maven-model-builder/src/main/java/org/apache/maven/model/interpolation/DefaultModelVersionProcessor.java 
@@ -52,17 +52,17 @@ public boolean isValidProperty( String property ) @Override public void overwriteModelProperties( Properties modelProperties, ModelBuildingRequest request ) { -if ( request.getSystemProperties().containsKey( REVISION_PROPERTY ) ) +if ( request.getUserProperties().containsKey( REVISION_PROPERTY ) ) { -modelProperties.put( REVISION_PROPERTY, request.getSystemProperties().get( REVISION_PROPERTY ) ); +modelProperties.put( REVISION_PROPERTY, request.getUserProperties().get( REVISION_PROPERTY ) ); } -if ( request.getSystemProperties().containsKey( CHANGELIST_PROPERTY ) ) +if ( request.getUserProperties().containsKey( CHANGELIST_PROPERTY ) ) { -modelProperties.put( CHANGELIST_PROPERTY, request.getSystemProperties().get( CHANGELIST_PROPERTY ) ); +modelProperties.put( CHANGELIST_PROPERTY, request.getUserProperties().get( CHANGELIST_PROPERTY ) ); } -if ( request.getSystemProperties().containsKey( SHA1_PROPERTY ) ) +if ( request.getUserProperties().containsKey( SHA1_PROPERTY ) ) { -modelProperties.put( SHA1_PROPERTY, request.getSystemProperties().get( SHA1_PROPERTY ) ); +modelProperties.put( SHA1_PROPERTY, request.getUserProperties().get( SHA1_PROPERTY ) ); } } {noformat} and running ITs makes several of them fail: {noformat} ... mng6090 CIFriendly.itShouldResolveTheDependenciesWithBuildConsumer() FAILURE (10.4 s) mng6090 CIFriendly.itShouldResolveTheDependenciesWithoutBuildConsumer() FAILURE (1.2 s) ... mng5895 CIFriendlyUsageWithProperty.itShouldResolveTheDependenciesWithBuildConsumer() FAILURE (0.5 s) mng5895 CIFriendlyUsageWithProperty.itShouldResolveTheDependenciesWithoutBuildConsumer() FAILURE (0.5 s) ... {noformat} The reason is simple: {code:java} modelRequest.setSystemProperties( toProperties( session.getUserProperties(), session.getSystemProperties() ) ); {code} Properties from user are not available. The are likely other usecases affected by this bug. 
Yet another problem is that plugins which resolve dependencies, e.g., MASSEMBLY will also fail even if this bug is fixed since they rely on an old version of the Maven Resolver Provider and don't use provided scope to use the fixed one from Maven Core. This is a separate problem to be solved. was: A sample case for this bug is {{DefaultArtifactDescriptorReader}}: When Resolver needs to resolve a transitive dependency it consults Maven Resolver Provider to create data. Here the properties of the repository system session are not properly passed with their respective scopes down to the model building request. When a POM now needs needs to be interpolated, the interpolation can fail. For long time Maven, unfortunately, promoted user properties to system properties making the available everywhere (expect this to be cleaned up in Maven 4). A prime example where this is broken: {{DefaultModelVersionProcessor}} uses for some strange reason system properties although CI Friendly Versions are user properties only. Fixing this component with: {noformat} --- a/maven-model-builder/src/main/java/org/apache/maven/model/interpolation/DefaultModelVersionProcessor.java +++ b/maven-model-builder/src/main/java/org/apache/maven/model/interpolation/DefaultModelVersionProcessor.java @@ -52,17 +52,17 @@ public boolean isValidProperty( String property ) @Override public void overwriteModelProperties( Properties modelProperties, ModelBuildingRequest request ) { -if ( request.getSystemProperties().containsKey( REVISION_PROPERTY ) ) +if (
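Review bot: in `overwriteModelProperties`, all three lookups move from `request.getSystemProperties()` to `request.getUserProperties()` with no fallback, so any caller that still fills only the system properties of the request, as the quoted `modelRequest.setSystemProperties( toProperties( session.getUserProperties(), session.getSystemProperties() ) )` line does, stops seeing `REVISION_PROPERTY`, `CHANGELIST_PROPERTY` and `SHA1_PROPERTY`, which is what the failing mng6090 and mng5895 ITs show. The callers that build the request should set the user properties in the same change, and the three identical `containsKey`/`put` blocks could become one loop over the three constants.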
[jira] [Commented] (MNG-6434) Cannot specify empty string for configuration value
[ https://issues.apache.org/jira/browse/MNG-6434?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645678#comment-17645678 ] Michael Osipov commented on MNG-6434: - Ah OK, then we need to raise this with Stuart as well. Can you open up an issue with Sisu Plexus? I consider {{""}} to be a valid value at least for string types. > Cannot specify empty string for configuration value > --- > > Key: MNG-6434 > URL: https://issues.apache.org/jira/browse/MNG-6434 > Project: Maven > Issue Type: Bug > Components: Plugin API >Affects Versions: 3.5.4 >Reporter: Chris Egerton >Priority: Major > Fix For: 4.0.x-candidate > > > We have a MOJO class that involves several user-configured parameters. Some > of these parameters have default values that we'd like to use in the event > that the user doesn't specify a value for them; however, we'd also like the > user to be able to explicitly specify that the parameter should _not_ have a > value. The approach we wanted to take was to specify default values in the > parameter's annotation: > {{@Parameter(property = "foo.bar", defaultValue = "${project.scm.url}")}} > {{private String foo;}} > And then detect empty strings as the user's way of saying "I know there's a > default value for this parameter but I'm sure that I'd actually like it to be > empty anyways.": > {{}} > {{ }} > {{}} > or > {{}} > {{ }} > {{}} > > However, there's been some trouble as we haven't found a way yet to > distinguish between an intentionally-empty string and one that hasn't been > specified at all; the value for foo is always null regardless. > Is there a friendly and/or intuitive way for the user to pass an empty string > as a parameter value? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MNG-6434) Cannot specify empty string for configuration value
[ https://issues.apache.org/jira/browse/MNG-6434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konrad Windszus updated MNG-6434: - Fix Version/s: 4.0.x-candidate > Cannot specify empty string for configuration value > --- > > Key: MNG-6434 > URL: https://issues.apache.org/jira/browse/MNG-6434 > Project: Maven > Issue Type: Bug > Components: Plugin API >Affects Versions: 3.5.4 >Reporter: Chris Egerton >Priority: Major > Fix For: 4.0.x-candidate > > > We have a MOJO class that involves several user-configured parameters. Some > of these parameters have default values that we'd like to use in the event > that the user doesn't specify a value for them; however, we'd also like the > user to be able to explicitly specify that the parameter should _not_ have a > value. The approach we wanted to take was to specify default values in the > parameter's annotation: > {{@Parameter(property = "foo.bar", defaultValue = "${project.scm.url}")}} > {{private String foo;}} > And then detect empty strings as the user's way of saying "I know there's a > default value for this parameter but I'm sure that I'd actually like it to be > empty anyways.": > {{}} > {{ }} > {{}} > or > {{}} > {{ }} > {{}} > > However, there's been some trouble as we haven't found a way yet to > distinguish between an intentionally-empty string and one that hasn't been > specified at all; the value for foo is always null regardless. > Is there a friendly and/or intuitive way for the user to pass an empty string > as a parameter value? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-6434) Cannot specify empty string for configuration value
[ https://issues.apache.org/jira/browse/MNG-6434?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645677#comment-17645677 ] Konrad Windszus commented on MNG-6434: -- This requires a fix in Sisu Plexus: https://github.com/eclipse/sisu.plexus/blob/27a29dc633e6b03753a3c8d29a033648630c8831/org.eclipse.sisu.plexus/src/org/codehaus/plexus/component/configurator/converters/AbstractConfigurationConverter.java#L49. Currently default values always overwrite empty explicit configuration values. > Cannot specify empty string for configuration value > --- > > Key: MNG-6434 > URL: https://issues.apache.org/jira/browse/MNG-6434 > Project: Maven > Issue Type: Bug > Components: Plugin API >Affects Versions: 3.5.4 >Reporter: Chris Egerton >Priority: Major > > We have a MOJO class that involves several user-configured parameters. Some > of these parameters have default values that we'd like to use in the event > that the user doesn't specify a value for them; however, we'd also like the > user to be able to explicitly specify that the parameter should _not_ have a > value. The approach we wanted to take was to specify default values in the > parameter's annotation: > {{@Parameter(property = "foo.bar", defaultValue = "${project.scm.url}")}} > {{private String foo;}} > And then detect empty strings as the user's way of saying "I know there's a > default value for this parameter but I'm sure that I'd actually like it to be > empty anyways.": > {{}} > {{ }} > {{}} > or > {{}} > {{ }} > {{}} > > However, there's been some trouble as we haven't found a way yet to > distinguish between an intentionally-empty string and one that hasn't been > specified at all; the value for foo is always null regardless. > Is there a friendly and/or intuitive way for the user to pass an empty string > as a parameter value? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (SUREFIRE-2132) Copy edit and rewrite JUnit 5 page
Elliotte Rusty Harold created SUREFIRE-2132: --- Summary: Copy edit and rewrite JUnit 5 page Key: SUREFIRE-2132 URL: https://issues.apache.org/jira/browse/SUREFIRE-2132 Project: Maven Surefire Issue Type: Bug Reporter: Elliotte Rusty Harold It's disjointed. There are sentences that make no sense at all. At least I can't figure out the intent. https://maven.apache.org/surefire/maven-surefire-plugin/examples/junit-platform.html -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven] cstamas commented on pull request #907: Maven Transformation
cstamas commented on PR #907: URL: https://github.com/apache/maven/pull/907#issuecomment-1345378471 Re IT failures: Tests run: 886, Failures: 3, Errors: 0, Skipped: 33 As expected: two consumer POM ITs failed (as "swap in" is not done yet), and MavenITmng1021EqualAttachmentBuildNumberTest.testitMNG1021 fails that is surprised by attached new POM. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven] cstamas commented on pull request #907: Maven Transformation
cstamas commented on PR #907: URL: https://github.com/apache/maven/pull/907#issuecomment-1345378189 To make this "complete", maven should wrap resolver installer/deployer like here https://github.com/apache/maven/pull/712 that should "swap in" the auto-attached POM (along with all related stuff like signatures or hashes) to main POM and done. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNG-6434) Cannot specify empty string for configuration value
[ https://issues.apache.org/jira/browse/MNG-6434?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645675#comment-17645675 ] Michael Osipov commented on MNG-6434: - Pure crap: https://github.com/apache/maven-site/pull/354#issuecomment-1345373414 [~kwin], to what extent can we fix this for 3.9 or 4.0? > Cannot specify empty string for configuration value > --- > > Key: MNG-6434 > URL: https://issues.apache.org/jira/browse/MNG-6434 > Project: Maven > Issue Type: Bug > Components: Plugin API >Affects Versions: 3.5.4 >Reporter: Chris Egerton >Priority: Major > > We have a MOJO class that involves several user-configured parameters. Some > of these parameters have default values that we'd like to use in the event > that the user doesn't specify a value for them; however, we'd also like the > user to be able to explicitly specify that the parameter should _not_ have a > value. The approach we wanted to take was to specify default values in the > parameter's annotation: > {{@Parameter(property = "foo.bar", defaultValue = "${project.scm.url}")}} > {{private String foo;}} > And then detect empty strings as the user's way of saying "I know there's a > default value for this parameter but I'm sure that I'd actually like it to be > empty anyways.": > {{}} > {{ }} > {{}} > or > {{}} > {{ }} > {{}} > > However, there's been some trouble as we haven't found a way yet to > distinguish between an intentionally-empty string and one that hasn't been > specified at all; the value for foo is always null regardless. > Is there a friendly and/or intuitive way for the user to pass an empty string > as a parameter value? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645674#comment-17645674 ] ASF GitHub Bot commented on MNGSITE-503: michael-o commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345374960 Here it is: https://issues.apache.org/jira/browse/MNG-6434 > add .well-known/security.txt > > > Key: MNGSITE-503 > URL: https://issues.apache.org/jira/browse/MNGSITE-503 > Project: Maven Project Web Site > Issue Type: Improvement >Reporter: Benjamin Marwell >Assignee: Benjamin Marwell >Priority: Major > Labels: security > > As per consensus on the mailing list (+1 from [~rmannibucau] and me), we > should add a file `.well-known/security.txt`. > I will prepare a PR. > References: > * [.well-known/security.txt at maven.apache.org > (mail-archive.com)|https://www.mail-archive.com/dev@maven.apache.org/msg128366.html] > * [.well-known/security.txt at maven.apache.org-Apache Mail > Archives|https://lists.apache.org/thread/tvfg1lx9nd72c9t4t4s3zlx6l0tpnmwy] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-site] michael-o commented on pull request #354: [MNGSITE-503] add .well-known/security.txt
michael-o commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345374960 Here it is: https://issues.apache.org/jira/browse/MNG-6434 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645673#comment-17645673 ] ASF GitHub Bot commented on MNGSITE-503: michael-o commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345373414 @bmarwell This is what you were looking for: ```diff diff --git a/pom.xml b/pom.xml index a7d46e96..8686e1e1 100644 - > add .well-known/security.txt > > > Key: MNGSITE-503 > URL: https://issues.apache.org/jira/browse/MNGSITE-503 > Project: Maven Project Web Site > Issue Type: Improvement >Reporter: Benjamin Marwell >Assignee: Benjamin Marwell >Priority: Major > Labels: security > > As per consensus on the mailing list (+1 from [~rmannibucau] and me), we > should add a file `.well-known/security.txt`. > I will prepare a PR. > References: > * [.well-known/security.txt at maven.apache.org > (mail-archive.com)|https://www.mail-archive.com/dev@maven.apache.org/msg128366.html] > * [.well-known/security.txt at maven.apache.org-Apache Mail > Archives|https://lists.apache.org/thread/tvfg1lx9nd72c9t4t4s3zlx6l0tpnmwy] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-site] michael-o commented on pull request #354: [MNGSITE-503] add .well-known/security.txt
michael-o commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345373414 @bmarwell This is what you were looking for: ```diff diff --git a/pom.xml b/pom.xml index a7d46e96..8686e1e1 100644 --- a/pom.xml +++ b/pom.xml @@ -251,6 +251,8 @@ maven.security.expires -MM-dd'T'HH:mm:ssXXX + + +1 year ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645672#comment-17645672 ] ASF GitHub Bot commented on MNGSITE-503: michael-o commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345372396 @kwin I know that you have been working on this Plexus non-sense with trimming and to null coercion. Do you remember by any chance why an empty string is coerced to `null`? > add .well-known/security.txt > > > Key: MNGSITE-503 > URL: https://issues.apache.org/jira/browse/MNGSITE-503 > Project: Maven Project Web Site > Issue Type: Improvement >Reporter: Benjamin Marwell >Assignee: Benjamin Marwell >Priority: Major > Labels: security > > As per consensus on the mailing list (+1 from [~rmannibucau] and me), we > should add a file `.well-known/security.txt`. > I will prepare a PR. > References: > * [.well-known/security.txt at maven.apache.org > (mail-archive.com)|https://www.mail-archive.com/dev@maven.apache.org/msg128366.html] > * [.well-known/security.txt at maven.apache.org-Apache Mail > Archives|https://lists.apache.org/thread/tvfg1lx9nd72c9t4t4s3zlx6l0tpnmwy] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645671#comment-17645671 ] ASF GitHub Bot commented on MNGSITE-503: michael-o commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345371692 > I still don't believe it matters as the format string does not contain any locale-specific patterns. But if you insist, why not use the Maven properties I suggested? I did not say that it does matter, all I am telling is that `` does not behave the way you assume. Since we cannot really request `Locale#ROOT` I would use a really non-existing value and document it as such, e.g. `BOGUS`. > add .well-known/security.txt > > > Key: MNGSITE-503 > URL: https://issues.apache.org/jira/browse/MNGSITE-503 > Project: Maven Project Web Site > Issue Type: Improvement >Reporter: Benjamin Marwell >Assignee: Benjamin Marwell >Priority: Major > Labels: security > > As per consensus on the mailing list (+1 from [~rmannibucau] and me), we > should add a file `.well-known/security.txt`. > I will prepare a PR. > References: > * [.well-known/security.txt at maven.apache.org > (mail-archive.com)|https://www.mail-archive.com/dev@maven.apache.org/msg128366.html] > * [.well-known/security.txt at maven.apache.org-Apache Mail > Archives|https://lists.apache.org/thread/tvfg1lx9nd72c9t4t4s3zlx6l0tpnmwy] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-site] michael-o commented on pull request #354: [MNGSITE-503] add .well-known/security.txt
michael-o commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345371692 > I still don't believe it matters as the format string does not contain any locale-specific patterns. But if you insist, why not use the Maven properties I suggested? I did not say that it does matter, all I am telling is that `` does not behave the way you assume. Since we cannot really request `Locale#ROOT` I would use a really non-existing value and document it as such, e.g. `BOGUS`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven] cstamas opened a new pull request, #907: Maven Transformation
cstamas opened a new pull request, #907: URL: https://github.com/apache/maven/pull/907 This plugin does the "half" of the job: on lifecycle begin a transformed POM is added to project, and everything, even GPG plugin processes it as expected. Now next step is "swapping" it at the right moment... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645669#comment-17645669 ] ASF GitHub Bot commented on MNGSITE-503: michael-o commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345370568 Plexus XML handling coerces both: ` ` and `` to `null` instead of `""` which is actually what you want/need. The only way to fix this is to do `"ROOT".equals(this.locale)`...`locale = Locale.ROOT`. > add .well-known/security.txt > > > Key: MNGSITE-503 > URL: https://issues.apache.org/jira/browse/MNGSITE-503 > Project: Maven Project Web Site > Issue Type: Improvement >Reporter: Benjamin Marwell >Assignee: Benjamin Marwell >Priority: Major > Labels: security > > As per consensus on the mailing list (+1 from [~rmannibucau] and me), we > should add a file `.well-known/security.txt`. > I will prepare a PR. > References: > * [.well-known/security.txt at maven.apache.org > (mail-archive.com)|https://www.mail-archive.com/dev@maven.apache.org/msg128366.html] > * [.well-known/security.txt at maven.apache.org-Apache Mail > Archives|https://lists.apache.org/thread/tvfg1lx9nd72c9t4t4s3zlx6l0tpnmwy] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-site] michael-o commented on pull request #354: [MNGSITE-503] add .well-known/security.txt
michael-o commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345370568 Plexus XML handling coerces both: ` ` and `` to `null` instead of `""` which is actually what you want/need. The only way to fix this is to do `"ROOT".equals(this.locale)`...`locale = Locale.ROOT`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645668#comment-17645668 ] ASF GitHub Bot commented on MNGSITE-503: bmarwell commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345370360 I still don't believe it matters as the format string does not contain any locale-specific patterns. But if you insist, why not use the Maven properties I suggested? > add .well-known/security.txt > > > Key: MNGSITE-503 > URL: https://issues.apache.org/jira/browse/MNGSITE-503 > Project: Maven Project Web Site > Issue Type: Improvement >Reporter: Benjamin Marwell >Assignee: Benjamin Marwell >Priority: Major > Labels: security > > As per consensus on the mailing list (+1 from [~rmannibucau] and me), we > should add a file `.well-known/security.txt`. > I will prepare a PR. > References: > * [.well-known/security.txt at maven.apache.org > (mail-archive.com)|https://www.mail-archive.com/dev@maven.apache.org/msg128366.html] > * [.well-known/security.txt at maven.apache.org-Apache Mail > Archives|https://lists.apache.org/thread/tvfg1lx9nd72c9t4t4s3zlx6l0tpnmwy] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-site] bmarwell commented on pull request #354: [MNGSITE-503] add .well-known/security.txt
bmarwell commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345370360 I still don't believe it matters as the format string does not contain any locale-specific patterns. But if you insist, why not use the Maven properties I suggested? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645667#comment-17645667 ] ASF GitHub Bot commented on MNGSITE-503: michael-o commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345368961 > > > @michael-o now we have this: > > > ``` > > > [INFO] - > add .well-known/security.txt > > > Key: MNGSITE-503 > URL: https://issues.apache.org/jira/browse/MNGSITE-503 > Project: Maven Project Web Site > Issue Type: Improvement >Reporter: Benjamin Marwell >Assignee: Benjamin Marwell >Priority: Major > Labels: security > > As per consensus on the mailing list (+1 from [~rmannibucau] and me), we > should add a file `.well-known/security.txt`. > I will prepare a PR. > References: > * [.well-known/security.txt at maven.apache.org > (mail-archive.com)|https://www.mail-archive.com/dev@maven.apache.org/msg128366.html] > * [.well-known/security.txt at maven.apache.org-Apache Mail > Archives|https://lists.apache.org/thread/tvfg1lx9nd72c9t4t4s3zlx6l0tpnmwy] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-site] michael-o commented on pull request #354: [MNGSITE-503] add .well-known/security.txt
michael-o commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345368961

> > > @michael-o now we have this:
> > >
> > > ```
> > > [INFO] --- build-helper-maven-plugin:3.3.0:timestamp-property (create-security.txt-timestamp) @ maven-site ---
> > > [WARNING] Using platform locale (en_US actually) to format date/time, i.e. build is platform dependent!
> > > ```
> > >
> > > I still suggest adding root or to explicitly set `ROOT`.
> >
> > This does not work. Again, providing `ROOT` will _not_ give you `Locale#ROOT`. Look at the code. There is no handling for this. All it will give you is `new Locale("root")` which does not exist and is wrong. You need something like [this](https://github.com/apache/maven-doxia-sitetools/blob/61c80011767d6159e7f4dd7e456a542d98022b24/doxia-integration-tools/src/main/java/org/apache/maven/doxia/tools/DefaultSiteTool.java#L847-L850) to handle the literal `ROOT`.
>
> I did and I ran it and it worked as expected for me. Minus one hour (I live in Europe/Berlin).
>
> Code path:
>
> ```
> Locale locale;
> if ( this.locale != null )
> {
>     String[] bits = this.locale.split( "[,_]" );
>     if ( bits.length == 1 )
>     {
>         locale = new Locale( bits[0].trim() );
>     }
> ```
>
> It splits "ROOT" which returns length 1 and will just pass it through.
>
> I still don't know how you think it's going to be lower case.
>
> As an alternative, we can pass in
>
> ```
> ${user.lang}_${user.country}
> ```
>
> ...which is the same, but just explicit.

Read the specs of the `Locale` constructor and what `Locale#ROOT` is. You are misunderstanding the behavior. It does not give you what you expect.

-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
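The locale question argued over in this thread, as an added example that is not part of any comment and is not build-helper-maven-plugin code: it runs the literal `ROOT` through the quoted split/`new Locale(...)` path, compares the result with `Locale.ROOT`, and formats one fixed instant under several locales. The class and method names, the two- and three-token branches, the full pattern string and the use of `SimpleDateFormat` are assumptions made for the example.

```java
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;

public class LocaleRootCheck {

    // Assumed pattern: the page shows it with the year part lost in extraction.
    static final String PATTERN = "yyyy-MM-dd'T'HH:mm:ssXXX";

    // Mirrors the code path quoted in the thread: split on ',' or '_' and hand a
    // single token to the Locale constructor (deprecated since Java 19, still
    // available). The two- and three-token branches are assumptions added so
    // that the method is complete.
    static Locale quotedPath(String configured) {
        String[] bits = configured.split("[,_]");
        if (bits.length == 1) {
            return new Locale(bits[0].trim());
        }
        if (bits.length == 2) {
            return new Locale(bits[0].trim(), bits[1].trim());
        }
        return new Locale(bits[0].trim(), bits[1].trim(), bits[2].trim());
    }

    // Hypothetical variant with the explicit check suggested in the thread:
    // the literal ROOT maps to Locale.ROOT before anything is parsed.
    static Locale withRootLiteral(String configured) {
        if (configured == null || configured.trim().isEmpty()) {
            // An empty element arrives as null (see MNG-6434), so the platform
            // locale is all that is left, which is the case the [WARNING] reports.
            return Locale.getDefault();
        }
        if ("ROOT".equals(configured.trim())) {
            return Locale.ROOT;
        }
        return quotedPath(configured);
    }

    // Formats in UTC so that only the locale varies between calls.
    static String format(Locale locale, Date when) {
        SimpleDateFormat fmt = new SimpleDateFormat(PATTERN, locale);
        fmt.setTimeZone(TimeZone.getTimeZone("UTC"));
        return fmt.format(when);
    }

    public static void main(String[] args) {
        Locale literal = quotedPath("ROOT");
        System.out.printf("quoted path:     language=\"%s\" equals Locale.ROOT: %b%n",
                literal.getLanguage(), literal.equals(Locale.ROOT));

        Locale handled = withRootLiteral("ROOT");
        System.out.printf("with ROOT check: language=\"%s\" equals Locale.ROOT: %b%n",
                handled.getLanguage(), handled.equals(Locale.ROOT));

        // A locale also selects the calendar: th_TH gets a Buddhist calendar, so
        // the same instant renders with a different year although the pattern
        // contains nothing but digits and separators.
        Date sample = new Date(0L); // constructed sample instant
        Locale[] candidates = { Locale.ROOT, literal, new Locale("th", "TH") };
        for (Locale candidate : candidates) {
            System.out.printf("%-8s -> %s%n",
                    candidate.toString().isEmpty() ? "(root)" : candidate.toString(),
                    format(candidate, sample));
        }
    }
}
```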
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645666#comment-17645666 ] ASF GitHub Bot commented on MNGSITE-503: bmarwell commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345367729 > > @michael-o now we have this: > > > > ``` > > [INFO] - > add .well-known/security.txt > > > Key: MNGSITE-503 > URL: https://issues.apache.org/jira/browse/MNGSITE-503 > Project: Maven Project Web Site > Issue Type: Improvement >Reporter: Benjamin Marwell >Assignee: Benjamin Marwell >Priority: Major > Labels: security > > As per consensus on the mailing list (+1 from [~rmannibucau] and me), we > should add a file `.well-known/security.txt`. > I will prepare a PR. > References: > * [.well-known/security.txt at maven.apache.org > (mail-archive.com)|https://www.mail-archive.com/dev@maven.apache.org/msg128366.html] > * [.well-known/security.txt at maven.apache.org-Apache Mail > Archives|https://lists.apache.org/thread/tvfg1lx9nd72c9t4t4s3zlx6l0tpnmwy] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-site] bmarwell commented on pull request #354: [MNGSITE-503] add .well-known/security.txt
bmarwell commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345367729

> > @michael-o now we have this:
> >
> > ```
> > [INFO] --- build-helper-maven-plugin:3.3.0:timestamp-property (create-security.txt-timestamp) @ maven-site ---
> > [WARNING] Using platform locale (en_US actually) to format date/time, i.e. build is platform dependent!
> > ```
> >
> > I still suggest adding root or to explicitly set `ROOT`.
>
> This does not work. Again, providing `ROOT` will *not* give you `Locale#ROOT`. Look at the code. There is no handling for this. All it will give you is `new Locale("root")` which does not exist and is wrong. You need something like [this](https://github.com/apache/maven-doxia-sitetools/blob/61c80011767d6159e7f4dd7e456a542d98022b24/doxia-integration-tools/src/main/java/org/apache/maven/doxia/tools/DefaultSiteTool.java#L847-L850) to handle the literal `ROOT`.

I did and I ran it and it worked as expected for me. Minus one hour (I live in Europe/Berlin).

Code path:

```
Locale locale;
if ( this.locale != null )
{
    String[] bits = this.locale.split( "[,_]" );
    if ( bits.length == 1 )
    {
        locale = new Locale( bits[0].trim() );
    }
```

It splits "ROOT" which returns length 1 and will just pass it through.

I still don't know how you think it's going to be lower case.

As an alternative, we can pass in

```xml
${user.lang}_${user.country}
```

...which is the same, but just explicit.

-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645662#comment-17645662 ] ASF GitHub Bot commented on MNGSITE-503: michael-o commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345366315 > @michael-o now we have this: > > ``` > [INFO] - > add .well-known/security.txt > > > Key: MNGSITE-503 > URL: https://issues.apache.org/jira/browse/MNGSITE-503 > Project: Maven Project Web Site > Issue Type: Improvement >Reporter: Benjamin Marwell >Assignee: Benjamin Marwell >Priority: Major > Labels: security > > As per consensus on the mailing list (+1 from [~rmannibucau] and me), we > should add a file `.well-known/security.txt`. > I will prepare a PR. > References: > * [.well-known/security.txt at maven.apache.org > (mail-archive.com)|https://www.mail-archive.com/dev@maven.apache.org/msg128366.html] > * [.well-known/security.txt at maven.apache.org-Apache Mail > Archives|https://lists.apache.org/thread/tvfg1lx9nd72c9t4t4s3zlx6l0tpnmwy] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [maven-site] michael-o commented on pull request #354: [MNGSITE-503] add .well-known/security.txt
michael-o commented on PR #354:
URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345366315

> @michael-o now we have this:
>
> ```
> [INFO] --- build-helper-maven-plugin:3.3.0:timestamp-property (create-security.txt-timestamp) @ maven-site ---
> [WARNING] Using platform locale (en_US actually) to format date/time, i.e. build is platform dependent!
> ```
>
> I still suggest adding root or to explicitly set `ROOT`.

This does not work. Again, providing `ROOT` will *not* give you `Locale#ROOT`. Look at the code. There is no handling for this. All it will give you is `new Locale("root")` which does not exist and is wrong.
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645661#comment-17645661 ] ASF GitHub Bot commented on MNGSITE-503: michael-o commented on code in PR #354: URL: https://github.com/apache/maven-site/pull/354#discussion_r1045126621 ## content/filtered-resources/.well-known/security.txt: ## @@ -0,0 +1,6 @@ +Contact: mailto:secur...@apache.org +Contact: mailto:priv...@maven.apache.org +Expires: ${maven.build.timestamp} +Preferred-Languages: en +Policy: https://www.apache.org/security/ +Policy: https://maven.apache.org/security.html Review Comment: I read it and I consider the second one useless. The only valuable information is: "For more information about reporting vulnerabilities, see the [Apache Security Team](https://www.apache.org/security/) page." This is as good as leaving it out. It provides no benefit.
[GitHub] [maven-site] michael-o commented on a diff in pull request #354: [MNGSITE-503] add .well-known/security.txt
michael-o commented on code in PR #354: URL: https://github.com/apache/maven-site/pull/354#discussion_r1045126621 ## content/filtered-resources/.well-known/security.txt: ## @@ -0,0 +1,6 @@ +Contact: mailto:secur...@apache.org +Contact: mailto:priv...@maven.apache.org +Expires: ${maven.build.timestamp} +Preferred-Languages: en +Policy: https://www.apache.org/security/ +Policy: https://maven.apache.org/security.html Review Comment: I read it and I consider the second one useless. The only valuable information is: "For more information about reporting vulnerabilities, see the [Apache Security Team](https://www.apache.org/security/) page." This is as good as leaving it out. It provides no benefit.
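Review bot: `Expires: ${maven.build.timestamp}` on the third added line stamps the file with the moment of the build, so the published file is already expired when it is first served, and as stated elsewhere in this thread Expires has to lie in the future. Fill the field from a value that is later than the build time (a property computed with an offset, or a reviewed fixed date) and keep it in the timestamp form shown in the thread, `2022-12-10T18:48:02Z`.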
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645660#comment-17645660 ] ASF GitHub Bot commented on MNGSITE-503: michael-o commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345364430 I just have reported a bug in RFC 9116. Quite embarrassing one.
[GitHub] [maven-site] michael-o commented on pull request #354: [MNGSITE-503] add .well-known/security.txt
michael-o commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345364430 I just have reported a bug in RFC 9116. Quite embarrassing one.
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645657#comment-17645657 ]

ASF GitHub Bot commented on MNGSITE-503:

michael-o commented on PR #354:
URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345364007

> So you are uploading an expired file. Expires MUST be in the future!

Oh man, I am so stupid. You are right, of course. I left this out completely. I guess I should not code anymore today. But still, having the date being set automatically, I consider wrong because the provided information must be manually reviewed. Please drop the commit.
[GitHub] [maven-site] michael-o commented on pull request #354: [MNGSITE-503] add .well-known/security.txt
michael-o commented on PR #354:
URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345364007

> So you are uploading an expired file. Expires MUST be in the future!

Oh man, I am so stupid. You are right, of course. I left this out completely. I guess I should not code anymore today. But still, having the date being set automatically, I consider wrong because the provided information must be manually reviewed. Please drop the commit.
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645656#comment-17645656 ] ASF GitHub Bot commented on MNGSITE-503: bmarwell commented on code in PR #354: URL: https://github.com/apache/maven-site/pull/354#discussion_r1045125369 ## content/filtered-resources/.well-known/security.txt: ## @@ -0,0 +1,6 @@ +Contact: mailto:secur...@apache.org +Contact: mailto:priv...@maven.apache.org +Expires: ${maven.build.timestamp} +Preferred-Languages: en +Policy: https://www.apache.org/security/ +Policy: https://maven.apache.org/security.html Review Comment: > This one does not point to any policy. Just to a listing w/o any benefit for a potential reporter. Are you reading the spec at all? Or just posting random comments? > A link to a policy detailing what security researchers should do when searching for or reporting security issues. https://www.rfc-editor.org/rfc/rfc9116#section-2.5.7 Both pages contain useful information for security researchers: email addresses, disclosure policy, etc.
[GitHub] [maven-site] bmarwell commented on a diff in pull request #354: [MNGSITE-503] add .well-known/security.txt
bmarwell commented on code in PR #354: URL: https://github.com/apache/maven-site/pull/354#discussion_r1045125369 ## content/filtered-resources/.well-known/security.txt: ## @@ -0,0 +1,6 @@ +Contact: mailto:secur...@apache.org +Contact: mailto:priv...@maven.apache.org +Expires: ${maven.build.timestamp} +Preferred-Languages: en +Policy: https://www.apache.org/security/ +Policy: https://maven.apache.org/security.html Review Comment: > This one does not point to any policy. Just to a listing w/o any benefit for a potential reporter. Are you reading the spec at all? Or just posting random comments? > A link to a policy detailing what security researchers should do when searching for or reporting security issues. https://www.rfc-editor.org/rfc/rfc9116#section-2.5.7 Both pages contain useful information for security researchers: email addresses, disclosure policy, etc.
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645655#comment-17645655 ] ASF GitHub Bot commented on MNGSITE-503: bmarwell commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345362771 So you are uploading an expired file. Expires MUST be in the future!
[GitHub] [maven-site] bmarwell commented on pull request #354: [MNGSITE-503] add .well-known/security.txt
bmarwell commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345362771 So you are uploading an expired file. Expires MUST be in the future!
[GitHub] [maven-reporting-impl] michael-o opened a new pull request, #15: Use src/site/site.xml
michael-o opened a new pull request, #15: URL: https://github.com/apache/maven-reporting-impl/pull/15 I will also need to split this to first make visible that `reactorProjects` are now available and must be removed with the implementor, then search for `site.xml`, but that is rather mechanical.
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645654#comment-17645654 ] ASF GitHub Bot commented on MNGSITE-503: michael-o commented on code in PR #354: URL: https://github.com/apache/maven-site/pull/354#discussion_r1045124193 ## content/filtered-resources/.well-known/security.txt: ## @@ -0,0 +1,6 @@ +Contact: mailto:secur...@apache.org +Contact: mailto:priv...@maven.apache.org +Expires: ${maven.build.timestamp} +Preferred-Languages: en +Policy: https://www.apache.org/security/ +Policy: https://maven.apache.org/security.html Review Comment: This one does not point to any policy. Just to a listing w/o any benefit for a potential reporter.
[GitHub] [maven-site] michael-o commented on a diff in pull request #354: [MNGSITE-503] add .well-known/security.txt
michael-o commented on code in PR #354: URL: https://github.com/apache/maven-site/pull/354#discussion_r1045124193 ## content/filtered-resources/.well-known/security.txt: ## @@ -0,0 +1,6 @@ +Contact: mailto:secur...@apache.org +Contact: mailto:priv...@maven.apache.org +Expires: ${maven.build.timestamp} +Preferred-Languages: en +Policy: https://www.apache.org/security/ +Policy: https://maven.apache.org/security.html Review Comment: This one does not point to any policy. Just to a listing w/o any benefit for a potential reporter.
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645653#comment-17645653 ]

ASF GitHub Bot commented on MNGSITE-503:

michael-o commented on PR #354:
URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345360839

@bmarwell I have added a commit which does it right. No fuzz, no additional plugins. WFM:

```
Contact: mailto:secur...@apache.org
Contact: mailto:priv...@maven.apache.org
Expires: 2022-12-10T18:48:02Z
Preferred-Languages: en
Policy: https://www.apache.org/security/
Policy: https://maven.apache.org/security.html
```
[GitHub] [maven-site] michael-o commented on pull request #354: [MNGSITE-503] add .well-known/security.txt
michael-o commented on PR #354:
URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345360839

@bmarwell I have added a commit which does it right. No fuzz, no additional plugins. WFM:

```
Contact: mailto:secur...@apache.org
Contact: mailto:priv...@maven.apache.org
Expires: 2022-12-10T18:48:02Z
Preferred-Languages: en
Policy: https://www.apache.org/security/
Policy: https://maven.apache.org/security.html
```
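An added example, not part of the thread or of the maven-site code: a check that a site build could run on the generated `.well-known/security.txt` to catch the cases argued over here (an `Expires` equal to the build time, an unfiltered `${...}` placeholder, a missing or repeated field). The function names, the one-year horizon parameter and the sample file with placeholder addresses are assumptions made for this illustration.

```python
from datetime import datetime, timedelta, timezone
import re

# RFC 3339 date-time, the form RFC 9116 requires for Expires (e.g. 2022-12-10T18:48:02Z).
_RFC3339 = re.compile(
    r"(\d{4})-(\d{2})-(\d{2})[Tt](\d{2}):(\d{2}):(\d{2})(?:\.\d+)?([Zz]|[+-]\d{2}:\d{2})"
)


def parse_fields(text):
    """Split a security.txt body into (lower-cased field name, value) pairs."""
    fields = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments carry no field
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not a field line: {raw!r}")
        fields.append((name.strip().lower(), value.strip()))
    return fields


def parse_expires(value):
    """Parse an Expires value into an aware datetime, or raise ValueError."""
    match = _RFC3339.fullmatch(value)
    if match is None:
        raise ValueError(f"Expires is not an RFC 3339 date-time: {value!r}")
    year, month, day, hour, minute, second = (int(g) for g in match.groups()[:6])
    zone = match.group(7)
    if zone in ("Z", "z"):
        offset = timedelta(0)
    else:
        sign = -1 if zone[0] == "-" else 1
        offset = sign * timedelta(hours=int(zone[1:3]), minutes=int(zone[4:6]))
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone(offset))


def check_security_txt(text, now, horizon=timedelta(days=366)):
    """Return a list of findings; an empty list means the file passes.

    `now` must be timezone-aware. `horizon` (an assumption of this example)
    implements the RFC 9116 recommendation to keep Expires under a year ahead.
    """
    try:
        fields = parse_fields(text)
    except ValueError as exc:
        return [f"error: {exc}"]
    findings = []
    if not any(name == "contact" for name, _ in fields):
        findings.append("error: no Contact field")
    expires = [value for name, value in fields if name == "expires"]
    if len(expires) != 1:
        findings.append(f"error: Expires must appear exactly once, found {len(expires)}")
        return findings
    try:
        when = parse_expires(expires[0])
    except ValueError as exc:
        findings.append(f"error: {exc}")
        return findings
    if when <= now:
        findings.append(f"error: Expires {expires[0]} is not in the future")
    elif when - now > horizon:
        findings.append(f"warning: Expires {expires[0]} is more than a year ahead")
    return findings


# Constructed sample input: the field layout follows the file quoted in the thread,
# with placeholder addresses and URLs.
TEMPLATE = """\
Contact: mailto:security@example.org
Expires: {expires}
Preferred-Languages: en
Policy: https://example.org/security/
"""
BUILD_TIME = datetime(2022, 12, 10, 18, 48, 2, tzinfo=timezone.utc)  # constructed build instant

if __name__ == "__main__":
    for value in ("2022-12-10T18:48:02Z", "${maven.build.timestamp}",
                  "2023-12-10T18:48:02Z", "2023-06-10T19:48:02+01:00"):
        result = check_security_txt(TEMPLATE.format(expires=value), BUILD_TIME)
        print(value, "->", result or "ok")
```
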
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645648#comment-17645648 ] ASF GitHub Bot commented on MNGSITE-503: bmarwell commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345323411 Removing the locale now leads to a warning that the build is system dependent. Is this really wanted? I feel having warnings intentionally seems odd. This might get "fixed" by someone else in the future who didn't read this thread.
[GitHub] [maven-site] bmarwell commented on pull request #354: [MNGSITE-503] add .well-known/security.txt
bmarwell commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345323411 Removing the locale now leads to a warning that the build is system dependent. Is this really wanted? I feel having warnings intentionally seems odd. This might get "fixed" by someone else in the future who didn't read this thread.
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645647#comment-17645647 ]

ASF GitHub Bot commented on MNGSITE-503:

bmarwell commented on PR #354:
URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345305885

> Two issues:
> * I think that using this plugin is redundant when we have this: https://maven.apache.org/guides/introduction/introduction-to-the-pom.html#special-variables
> * Pushing the expires every time is like not having an expires at all. I'd rather make it a *fixed date* and 1 month before evaluate again. It is like pushing the appointment with the dentist every time.

Huh. It's manual work and highly likely it's forgotten.

It's very likely that
* We push this project at least once or twice a year
* The project is being maintained (or at least reachable) about 12 months after pushing out the last release.

-1 for a fixed date.
* It doesn't add any value
* Can easily be forgotten
* Needs extra pushes/releases.

The special variable doesn't work with offsets. And I fail to see how this would help. The expiry format MUST BE an ISO 8601 timestamp.
[GitHub] [maven-site] bmarwell commented on pull request #354: [MNGSITE-503] add .well-known/security.txt
bmarwell commented on PR #354:
URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345305885

> Two issues:
> * I think that using this plugin is redundant when we have this: https://maven.apache.org/guides/introduction/introduction-to-the-pom.html#special-variables
> * Pushing the expires every time is like not having an expires at all. I'd rather make it a *fixed date* and 1 month before evaluate again. It is like pushing the appointment with the dentist every time.

Huh. It's manual work and highly likely it's forgotten.

It's very likely that
* We push this project at least once or twice a year
* The project is being maintained (or at least reachable) about 12 months after pushing out the last release.

-1 for a fixed date.
* It doesn't add any value
* Can easily be forgotten
* Needs extra pushes/releases.

The special variable doesn't work with offsets. And I fail to see how this would help. The expiry format MUST BE an ISO 8601 timestamp.
[jira] [Commented] (MNG-7563) Java system properties now override user properties in dependencies
[ https://issues.apache.org/jira/browse/MNG-7563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645645#comment-17645645 ]

Michael Osipov commented on MNG-7563:

Let me crunch on this, [~h...@apteryx.fr]. I think we need also other committers to think about this. What I could maybe do is to revert this change for 3.8.7, but I don't know whether this would be wise since it will be different in 3.9.0 and 4.x anyway. Also consider that doing {{MAVEN_OPTS=-Dver=x}} should yield the same result even without the change. WDYT?

> Java system properties now override user properties in dependencies
>
> Key: MNG-7563
> URL: https://issues.apache.org/jira/browse/MNG-7563
> Project: Maven
> Issue Type: Bug
> Components: Dependencies, POM
> Affects Versions: 3.8.5, 3.8.6
> Reporter: Hervé Guillemet
> Assignee: Michael Osipov
> Priority: Major
> Fix For: waiting-for-feedback
> Attachments: poms.zip
>
> An important change has been introduced in 3.8.5 that breaks some existing builds: Java system properties now take precedence over default values of user properties in dependency POMs. This looks like a bug since it's now easy to affect dependency behaviors with system properties, a practice that has been discouraged. But maybe do you consider this as a new feature ?
> As an example, 3 poms are attached to this ticket.
> After installing projects b and c, building project a with:
> {{mvn package -Ddep=x}}
> used to succeed until 3.8.4 (-D is ignored) but throws error with 3.8.5 and 3.8.6 (-D overrides the default).
> Note that without the setting of the default value for property {{dep}} in project b, the build fails with any version of Maven.
[jira] [Commented] (MRESOLVER-244) Deprecate FileTransformer API
[ https://issues.apache.org/jira/browse/MRESOLVER-244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645618#comment-17645618 ]

Elliotte Rusty Harold commented on MRESOLVER-244:

How exactly do these classes OOM? They're just interfaces, and I don't see anything fundamentally wrong in the interface design. Where's the implementation?

> Deprecate FileTransformer API
>
> Key: MRESOLVER-244
> URL: https://issues.apache.org/jira/browse/MRESOLVER-244
> Project: Maven Resolver
> Issue Type: Task
> Components: Resolver
> Reporter: Tamas Cservenak
> Assignee: Tamas Cservenak
> Priority: Major
> Fix For: 1.8.0
>
> The FileTransformer API has serious issues about making resolver itself OOM prone. Also, while this API was made part of Resolver public API, it is really unused in resolver (sans that OOM-prone bit).
> For now deprecate without replacement, and for Maven 4 let's see will we end up with Maven API or provide some different, more usable and safe replacement.
[jira] [Commented] (MNG-7505) Remove ReportingConverter
[ https://issues.apache.org/jira/browse/MNG-7505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645615#comment-17645615 ]

ASF GitHub Bot commented on MNG-7505:

slawekjaranowski commented on PR #906:
URL: https://github.com/apache/maven/pull/906#issuecomment-1345265120

> So basically the "new style" configuration is dead and the `` section remains?

it looks like - only reporting from pom should be used

https://maven.apache.org/plugins/maven-site-plugin/examples/configuring-reports.html
https://maven.apache.org/shared/maven-reporting-exec/

> Remove ReportingConverter
>
> Key: MNG-7505
> URL: https://issues.apache.org/jira/browse/MNG-7505
> Project: Maven
> Issue Type: Improvement
> Reporter: Slawomir Jaranowski
> Assignee: Slawomir Jaranowski
> Priority: Major
> Fix For: 4.0.x-candidate
>
> In m-site-p 3.7 configuration parameter {{reportPlugins}} was removed - MSITE-792
> So converting from reporting sections to {{reportPlugins}} option of m-site-p is not needed.
[GitHub] [maven] slawekjaranowski commented on pull request #906: [MNG-7505] Disable reportPlugins processing if m-site-p >= 3.7.0 is used
slawekjaranowski commented on PR #906:
URL: https://github.com/apache/maven/pull/906#issuecomment-1345265120

> So basically the "new style" configuration is dead and the `` section remains?

it looks like - only reporting from pom should be used

https://maven.apache.org/plugins/maven-site-plugin/examples/configuring-reports.html
https://maven.apache.org/shared/maven-reporting-exec/
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645602#comment-17645602 ] ASF GitHub Bot commented on MNGSITE-503: bmarwell commented on PR #354: URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345254727 @michael-o now we have this: ``` [INFO] -
[GitHub] [maven-site] bmarwell commented on pull request #354: [MNGSITE-503] add .well-known/security.txt
bmarwell commented on PR #354:
URL: https://github.com/apache/maven-site/pull/354#issuecomment-1345254727

@michael-o now we have this:

```
[INFO] --- build-helper-maven-plugin:3.3.0:timestamp-property (create-security.txt-timestamp) @ maven-site ---
[WARNING] Using platform locale (en_US actually) to format date/time, i.e. build is platform dependent!
```

I still suggest adding root or to explicitly set `${user.locale}`.
[jira] [Commented] (MNGSITE-503) add .well-known/security.txt
[ https://issues.apache.org/jira/browse/MNGSITE-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645598#comment-17645598 ] ASF GitHub Bot commented on MNGSITE-503: bmarwell commented on code in PR #354: URL: https://github.com/apache/maven-site/pull/354#discussion_r1045079240 ## pom.xml: ## @@ -232,6 +232,32 @@ --> + + +org.codehaus.mojo +build-helper-maven-plugin +3.3.0 + + +create-security.txt-timestamp +pre-site + + timestamp-property + + + maven.security.expires + ROOT Review Comment: It does. `ROOT` works well. `'Z'` in combination with `ROOT` made sense, but now that we are going to use `XXX` I agree to remove it (for another reason, though).
[GitHub] [maven-site] bmarwell commented on a diff in pull request #354: [MNGSITE-503] add .well-known/security.txt
bmarwell commented on code in PR #354: URL: https://github.com/apache/maven-site/pull/354#discussion_r1045079240

## pom.xml: ## @@ -232,6 +232,32 @@ --> + + +org.codehaus.mojo +build-helper-maven-plugin +3.3.0 + + +create-security.txt-timestamp +pre-site + + timestamp-property + + + maven.security.expires + ROOT

Review Comment: It does. `ROOT` works well. `'Z'` in combination with `ROOT` made sense, but now that we are going to use `XXX` I agree to remove it (for another reason, though).
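What `'Z'` versus `XXX` changes in the generated `maven.security.expires` value, as an added example (not code from the PR or from build-helper-maven-plugin). It assumes the plugin's pattern follows `java.text.SimpleDateFormat` semantics; the class name, sample instant, zones and the full `yyyy-...` patterns are constructed for illustration.

```java
import java.text.SimpleDateFormat;
import java.time.Instant;
import java.time.OffsetDateTime;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;

public class ExpiresPatternDemo {
    // Format one instant the way a SimpleDateFormat-based build step would,
    // in the given zone and with the locale-neutral Locale.ROOT.
    static String format(String pattern, String zoneId, Instant instant) {
        SimpleDateFormat f = new SimpleDateFormat(pattern, Locale.ROOT);
        f.setTimeZone(TimeZone.getTimeZone(zoneId));
        return f.format(Date.from(instant));
    }

    // Seconds by which the written timestamp differs from the real instant
    // once a consumer parses it as an offset date-time.
    static long driftSeconds(String written, Instant real) {
        return OffsetDateTime.parse(written).toInstant().getEpochSecond()
                - real.getEpochSecond();
    }

    public static void main(String[] args) {
        // Constructed sample instant and build-machine zones (assumptions).
        Instant real = Instant.parse("2022-12-12T12:00:00Z");
        String[] zones = {"UTC", "Europe/Berlin", "America/New_York"};
        // Assumed full patterns: literal 'Z' versus the ISO 8601 offset field XXX.
        String literalZ = "yyyy-MM-dd'T'HH:mm:ss'Z'";
        String isoOffset = "yyyy-MM-dd'T'HH:mm:ssXXX";

        for (String zone : zones) {
            String a = format(literalZ, zone, real);
            String b = format(isoOffset, zone, real);
            System.out.printf("%-17s 'Z': %s drift=%ds | XXX: %s drift=%ds%n",
                    zone, a, driftSeconds(a, real), b, driftSeconds(b, real));
        }
    }
}
```

A quoted `'Z'` is emitted verbatim whatever zone was used for formatting, so the two patterns agree only on a build machine whose zone is UTC.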
[jira] [Commented] (MNG-7563) Java system properties now override user properties in dependencies
[ https://issues.apache.org/jira/browse/MNG-7563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645578#comment-17645578 ]

Hervé Guillemet commented on MNG-7563:

Besides breaking some existing builds, which may be necessary if it's about fixing a bug, I'd say the trouble is about encapsulation: when your project uses a dependency, this dependency bringing a whole tree of dependencies, you are not meant to know which properties are used by all these dependencies for their internal needs (like the resolution of their own dependencies). So you may break dependencies unintentionally by setting a property for your own project.

You may argue here that it's the responsibility of the developer of the dependency to use some prefix in the name of the properties to mimic namespaces and avoid clashes. But more generally, is it a desired feature to be able to alter dependencies of dependencies using properties? It's already possible with profiles and that didn't change with 3.8.5.

> Java system properties now override user properties in dependencies
>
> Key: MNG-7563
> URL: https://issues.apache.org/jira/browse/MNG-7563
> Project: Maven
> Issue Type: Bug
> Components: Dependencies, POM
> Affects Versions: 3.8.5, 3.8.6
> Reporter: Hervé Guillemet
> Assignee: Michael Osipov
> Priority: Major
> Fix For: waiting-for-feedback
> Attachments: poms.zip
>
> An important change has been introduced in 3.8.5 that breaks some existing builds: Java system properties now take precedence over default values of user properties in dependency POMs. This looks like a bug since it's now easy to affect dependency behaviors with system properties, a practice that has been discouraged. But maybe you consider this a new feature?
> As an example, 3 poms are attached to this ticket.
> After installing projects b and c, building project a with:
> {{mvn package -Ddep=x}}
> used to succeed until 3.8.4 (-D is ignored) but throws an error with 3.8.5 and 3.8.6 (-D overrides the default).
> Note that without the setting of the default value for property {{dep}} in project b, the build fails with any version of Maven.
[jira] [Created] (MPLUGIN-448) "Executes as an aggregator plugin" documentation: s/plugin/goal/
Herve Boutemy created MPLUGIN-448:

Summary: "Executes as an aggregator plugin" documentation: s/plugin/goal/
Key: MPLUGIN-448
URL: https://issues.apache.org/jira/browse/MPLUGIN-448
Project: Maven Plugin Tools
Issue Type: Bug
Components: Plugin Plugin
Affects Versions: 3.7.0
Reporter: Herve Boutemy
Fix For: 3.8.0
[GitHub] [maven-site] michael-o commented on a diff in pull request #354: [MNGSITE-503] add .well-known/security.txt
michael-o commented on code in PR #354: URL: https://github.com/apache/maven-site/pull/354#discussion_r1045059586

## pom.xml: ## @@ -232,6 +232,32 @@ --> + + +org.codehaus.mojo +build-helper-maven-plugin +3.3.0 + + +create-security.txt-timestamp +pre-site + + timestamp-property + + + maven.security.expires + ROOT

Review Comment: This will not work: https://www.mojohaus.org/build-helper-maven-plugin/xref/org/codehaus/mojo/buildhelper/TimestampPropertyMojo.html#L122 It does not process `ROOT` for `new Locale("")`.

## pom.xml: ## @@ -232,6 +232,32 @@ --> + + +org.codehaus.mojo +build-helper-maven-plugin +3.3.0 + + +create-security.txt-timestamp +pre-site + + timestamp-property + + + maven.security.expires + ROOT + -MM-dd'T'HH:mm:ss'Z'

Review Comment: Corrected request.
[GitHub] [maven-site] michael-o commented on a diff in pull request #354: [MNGSITE-503] add .well-known/security.txt
michael-o commented on code in PR #354: URL: https://github.com/apache/maven-site/pull/354#discussion_r1044864320

## pom.xml: ## @@ -232,6 +232,32 @@ --> + + +org.codehaus.mojo +build-helper-maven-plugin +3.3.0 + + +create-security.txt-timestamp +pre-site + + timestamp-property + + + maven.security.expires + ROOT + -MM-dd'T'HH:mm:ss'Z'

Review Comment: Don't use `'Z'`, always use `XXX`.
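Review bot: In the added pattern line, the quoted `'Z'` is a literal character rather than a zone field, so the `maven.security.expires` value is labelled UTC whatever zone the build formats it in, and the lines shown here set no time zone. Use the `XXX` offset field instead, or pin the time zone to UTC next to the pattern, so the expiry written to security.txt is the instant intended.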
[GitHub] [maven-resolver] cstamas opened a new pull request, #229: Drop FileTransformer API
cstamas opened a new pull request, #229: URL: https://github.com/apache/maven-resolver/pull/229

Just to be clear where it all is: api, spi, impl, connector-basic.