Re: [VOTE] Require Java 17 for Maven 4

+1 (non-binding), even better Java 21+ Benjamin Marwell wrote on 28. Feb 2024 08:30 (GMT +01:00): > Hi Maven Devs/Users/Committers and PMC members! > > After several discussions on the mailing lists, I would like to > start a vote in favour of setting the minimal Java bytecode target > of

Re: [DISCUSS] Java version for Maven

It has been mentioned before, but just to add, since the bytecode level is IMHO the smallest problem: Jorge Solórzano wrote on 25. Feb 2024 00:41 (GMT +01:00): > you can use JDK 17 to produce Java 8 bytecode using Java 8 > features, that is the distinction I made between runtime and build time, >

Re: [DISCUSS] Java version for Maven

Hello, thanks Jorge I fully support your summary. want to bring an additional points in support for newer runtime Java: Because Maven alone isn’t the complete ecosystem and many other tools have higher requirements already. Fr example both Jenkins (maven-style jobs) as well as SonarQube

Re: [DISCUSS] Usage of Maven Changes Plugin/Reduction of Features

The Apache Commons Project Sites use the jira integration, the plugin works in principle, but does not support paging. https://commons.apache.org/proper/commons-vfs/jira-report.html Gruss Bernd -- http://bernd.eckenfels.net Von: Michael Osipov Gesendet:

Re: [VOTE] Release Maven Site Plugin version 4.0.0-M1

BTW it would probably be good to explain the relation with other maven 4 projects, just to not confuse people with the major number. Like can it be used (only) with maven 3 and so on. Gruss Bernd -- http://bernd.eckenfels.net Von: Romain Manni-Bucau Gesendet:

Re: [DISCUSS] Radical Fast Forward to 3.5.4

Hello, I really think no sane developer should use stable distributions like EL or Debian für Java/Maven toolchains. But if they do, they do know they have old software and their vendor will do the maintenance. I would not be concerned with that (besides maybe clearly communicating EOLs,

Re: Maven Dependency Plugin - Log4j vulnerabilities

All of the (known) remaining log4j1.x security bugs (none of which are as severe as log4shell) are fixed in reload4j 1.2.18+. If you need to stick with 1.2 you should use that. Otherwise you can try to migrate to the log4j bridge, it’s compatibility was increased in 2.17.2 or 2.12.4. Gruss

Re: Formal identification of license in a POM license element

There is some discussion about this here: https://github.com/spdx/spdx-maven-plugin/issues/24 Personally I used the SPX URL for the Pom entry (but that has the disadvantage that some auditors want a tagged Repo location to the license). I think the SPDX maven plug-in can compare the url. Here

Re: MD5, SHA1, but nothing (still) safe?

(still) safe? On Wed, Oct 13, 2021 at 8:41 PM Bernd Eckenfels wrote: > There is no Security risk with weaker checksums since the checksums are > not used for security. An attacker who messes with your binaries can also > mess with the checksum files. In our case, we have the check

Re: MD5, SHA1, but nothing (still) safe?

There is no Security risk with weaker checksums since the checksums are not used for security. An attacker who messes with your binaries can also mess with the checksum files. Only the signatures are relevant here (and they depend on the PGP settings if they use strong hashes). And even the

Re: system path dependency warning, accurate or not?

/java-ee-8-high-performance> Le dim. 26 sept. 2021 à 03:15, Bernd Eckenfels a écrit : > I don’t know what your warning reads, but mine says „will be unresolvable > by dependent projects“ > > > -- > http://bernd.eckenfels.net > > Von: Ro

Re: system path dependency warning, accurate or not?

. 25 sept. 2021 à 17:42, Bernd Eckenfels a écrit : > Hello, > > I am a Repo user and despise binaries in git, therefore I would not run > into this problem. It also means you might be outside of the maven > conventions. > > However I can see that you might need in expect

Re: system path dependency warning, accurate or not?

Hello, I am a Repo user and despise binaries in git, therefore I would not run into this problem. It also means you might be outside of the maven conventions. However I can see that you might need in expectional cases to access dependencies inside the project directory for building. But the

Re: Removing IRC channel mentions from official website documentation

Thanks for bringing this to our attention and I agree we should remove the irc channel in this case. Not sure about the slack since I don’t use it, but the website is not only for the public, it’s also the primary source for committers (but if we add the slack we certainly need to mention who

Re: Request for Enhancement: Dependency Overrides

From: Bernd Eckenfels Sent: Saturday, August 14, 2021 2:28 PM To: Maven Developers List Subject: Re: Request for Enhancement: Dependency Overrides Would you expect to only replace artifacts or also change the java source and class files to actually change the used classes? Your cases

Re: Request for Enhancement: Dependency Overrides

Would you expect to only replace artifacts or also change the java source and class files to actually change the used classes? Your cases are no simple drop-in replace compatibility. Therefore I doubt a maven feature to do so is any more useful than just blocking the deprecated artifacts.

Re: Software Heritage connector to Maven repositories

Hello Boris. I know that opening a Nexus JIRA is the usual way to get responses. BTW also consider scraping the SCM URLs from the POM files and contact the upstream Repos, the maven -src archives are often pruned down and not builtable (if present at all). So it does not hurt to archive them,

Re: Security/Versioning policy proposal

I agree, maven does not need to concern itself with branches as long as it stays fairly forward drop-in compatible. Having said that, things like changing the policy for handling http might not be that drop-in, but on the other hand it’s just a config option and does not require complicated

Re: maven 4.0.0 new XML stuff

Hello, Not exactly sure what work you mean and I fully agree that using a core model should still be the API for plugins and extensions to work with, however specifically the consumer POM integrates with so many external ecosystems, I would expect it to be defined in terms of XML Schema with

Re: Build windows-jdk15

Hello, As long as we have windows builds and jdk15+ builds I guess one can reduce the flaky combinations but it would still be interesting to see what’s the problem is, in the pipeline steps view you see the failed step

Re: [DISCUSS] Allow attributes shorthand in pom.xml

Hello, Having includes in a format might be handy, but it does not fit the philosophy of maven of having a repeatable declarative style. If you need such modularity and imperative style you might be better off using gradle or simple pipeline scripts. (With derived published POMs and changes

Re: Apache Maven Software

Hello Keith, Apache is a volunteer driven organisation, as long as volunteers, including your Organisation contribute patches (and funding) the software is supported. There is no guarantee or contract you can obtain for that. You haven’t specified which projects (plugins) in particular you are

Re: Jenkins + Github

I think this is not possible for security reasons, you cannot trust pull requests to have malicious code. The Jenkins builds are not that isolated. Gruss Bernd -- http://bernd.eckenfels.net Von: Elliotte Rusty Harold Gesendet: Thursday, February 20, 2020

Re: Maven Wrapper

How about adding a system property or environment variable stating the type of starter script and it's version, so this can be logged by Maven runs for better troubleshooting and potentially warnings from enforcer plugin? BTW: I wrote a longish argument for maintainability and binaries in

Re: Maven Pom Property replacement - possible bug?

Hello, I don't think it's expected that those properties are replaced as it is not documented. But I think it's specific to some known suffixes (GoupId). If you can add a "Custom" or similar keyword it might help. I think the expansion can be avoided with ${dollar}{someGroupID} but it might

Re: Prevent maven-release-plugin from reformatting attributes on project element

For the declaration element we took the easy route and use the single line element as it gets regenerated by the release. This is actually a good thing it contains absolutely nothing of value, so wasting only one line is ok (you just must get over the need of printing it on paper ,) --

Re: Prevent maven-release-plugin from reformatting attributes on project element

version of the maven-release-plugin did you use? - Eric L On Tue, Feb 4, 2020 at 8:30 PM Bernd Eckenfels wrote: > Hm, for me it keeps the line breaks, it does however change the intention > for the tag element. I thought this was configurable, but can't find it at > the moment. &

Re: Prevent maven-release-plugin from reformatting attributes on project element

Hm, for me it keeps the line breaks, it does however change the intention for the tag element. I thought this was configurable, but can't find it at the moment. Anyway this is an open (and rejected) issue: https://issues.apache.org/jira/browse/MRELEASE-1008 Gruss Bernd --

Re: Profiles, builds, and repositories

Hello, Yes profiles can severely affect the content of a build artifact and there is no way to tell the used profile in the Maven repo. This is generally the reason why it should not be used to influence the released build artifacts and can also not be relied upon. Gruss Bernd --

Re: is macen repo down?

Please send the error message as text, the image seems not to be received via the mailing list. (Although Maven central repository is not managed on this list) -- http://bernd.eckenfels.net Von: Alexius Diakogiannis Gesendet: Freitag, November 29, 2019 7:36

Re: [SUMMARY] 3 ITs permanently fail on Linux / Maven Core

it on the project-level. The project simply wasn't aware of - side effects and impact of creating this file on Jenkins - the existence of .mvn/jvm.config Robert On Sun, 04 Aug 2019 18:51:52 +0200, Bernd Eckenfels wrote: > Do we need a Maven Option to turn of processing of implicit > configur

Re: [SUMMARY] 3 ITs permanently fail on Linux / Maven Core

Do we need a Maven Option to turn of processing of implicit configurations, just like you can turn of shellrc Files? -- http://bernd.eckenfels.net Von: Robert Scholte Gesendet: Samstag, August 3, 2019 9:12 PM An: Maven Developers List Betreff: [SUMMARY] 3 ITs

Re: JDK 13 - Early Access build 17 is available

How is that related to Maven Development? You should discuss the OpenJDK release policy on the OpenJDK mailing lists and join one of the many interesting OpenJDK projects: https://openjdk.java.net/contribute/ For the record, I don’t agree with your assessment of new features in the latest Java

Re: Ojdbc7 dependency issue

You need to talk to Oracle about this. They do not upload the artifacts and the license does not allow it. There is btw a WebLogic Repository at Oracle which does contain the driver (under a rather strange coordinate). Since you must run your own Repository anyway to have reliable and

AW: Fwd: FOSDEM 19 Debian Java talk

Hello, according to the Apache Release Policy a release is the source and while it allows and defines convinience binaries there is not really a Notion of „official binaries“ from the ASF Point of view. So Maybe the new property should be something like „binary Vendor“ or „packager“ (similiar

Re: Update versions of all plugins in default-bindings.xml

I think that’s a real bad idea if you have to do local modifications to get to a working build environment. Maven is all about not requiring you to do that (anymore). So even requiring a certain Maven Version does not fit in that pattern (although unavoidable if you do not want to work with

Re: JDK 11 Early Access build 12 available

Value Objects are JEP 169 and part of Project Valhalla, there are quite a few projects coming at/after 11 (in the fast release model). We already got local var types, lambda leftovers, (shadowing and underscore) and there are plans for switch expressions, pattern matching, generic enums and

Re: Speeding up Maven

Hello, Maven is not the fastest, but in your case it sounds unusual slow. What are your machine specs? Any SSD? Do you happen to have a on-access malware scanner active? They react very bad to Java scanning large number of JAR files. Gruss Bernd Gruss Bernd -- http://bernd.eckenfels.net

[MJAR] please add MJAR-238 to jigsaw status as an open bug

Hello, On the Jigsaw-status page, it would be good to Add the Status of the m-jar-p, especially https://issues.apache.org/jira/browse/MJAR-238 which blocks it to be used for Setting the main Class of a modular JAR. https://cwiki.apache.org/confluence/display/MAVEN/Java+9+-+Jigsaw The Thing

Re: Security related metadata

There is the problem of missing CPE/maven-coordinates mappings. owasp,dependency check can work around that only with crude heuristics. Therefore it would be at least nice if we can add a CPE to the POM (or define an official mapping to CPEs, but last time I tried to address that on different

Re: [m-jlink-p] NPE for small project

Hello, just found that this is a known and fixed issue: https://issues.apache.org/jira/browse/MJLINK-4 Gruss Bernd -- http://bernd.eckenfels.net Von: Bernd Eckenfels Gesendet: Freitag, 9. März 2018 01:37 An: Maven Developers List Betreff: [m-jlink-p] NPE for small project Hello, when I use

[m-jlink-p] NPE for small project

Hello, when I use a simple POM like this: http://maven.apache.org/POM/4.0.0; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd;> 4.0.0

Re: [VOTE] Release Apache Maven PDF Plugin version 1.4

Hello, (Not a Release showstopper I guess) There is some text about maven3 report shortcomings which has a jira link which is marked as fixed, maybe the documentation needs an update, too? https://issues.apache.org/jira/browse/MPDF-41

AW: Maven 4.0.0

Hello, Adding annotations and processor as a compiletime dependency sounds like a reasonable thing. It would however be cool if the JAR could describe which package needs to go on the classpath and which is processor impl. (and having a different artifact for runtime) Gruss Bernd Von: Mark

Re: Building a Java9 project just using JDK9

You recreate a limited modules JRE with jlink. Haven't tried it but maybe you can generate an image with Java.se.ee as root that way, too. Gruss Bernd -- http://bernd.eckenfels.net From: Tibor Digana Sent: Wednesday, August 16, 2017

Re: Taking Security Seriously

Having artifact checksums (hashes not signatures) in POM dependency declarations would be cool, but that is not what .md5 or .asc is used for.  Gruss Bernd -- http://bernd.eckenfels.net On Mon, Dec 5, 2016 at 10:45 PM +0100, "Alexander Kjäll" wrote:

Re: Discussion: Resource-only artifacts

Hello, the proposal looks fine (if the scope system will be that open). How would you differentiate between artifacts and artifact archives (i.e. those you want to explode)? BTW: just a usecase: In our buildsystem I have POMs which produce articles which can contain dozent of files. They are in

Re: Discussion: Resource-only artifacts

Am Thu, 18 Aug 2016 14:27:38 -0500 schrieb Paul Benedict : > Agreed, but only if your understanding of "do" includes do nothing. I > wouldn't expect the maven-war-plugin to assume it knows what to do > with my resource-only artifacts. Do you think it should do something? >

Re: Maven Memory Consumption

Hello, I wondered about that as well. It was discussed 2012 on maven-dev. The statement looks like this: # Runtime r = Runtime.getRuntime(); # long MB = 1024 * 1024; # "Final Memory: " + ( r.totalMemory() - r.freeMemory() ) / MB + "M/" + r.totalMemory() / MB + "M" So this basically prints the

Re: Reproducibility versus ranges

t; stephen.alan.conno...@gmail.com <javascript:;>> wrote: > > > > > The idea I had in versions-m-p was to put XML PI with the > > > original range beside the resolved value so that the range can be > > > set back post prepare (see completionGoals)

Re: Reproducibility versus ranges

the range can be set back > > post prepare (see completionGoals) > > > > Oh where is my elusive time > > > > On Monday 26 October 2015, Bernd Eckenfels <e...@zusammenkunft.net> > > wrote: > > > > > Am Mon, 26 Oct 2015 13:03:03 -0400 > >

Re: Reproducibility versus ranges

s it doesn't have > enough information to do that. > > On Tue, Oct 27, 2015 at 1:42 PM, Bernd Eckenfels > <e...@zusammenkunft.net> wrote: > > > Hello, > > > > if you lock down ranges on release your dependencies will also have > > no ranges and you d

Re: Reproducibility versus ranges

Am Mon, 26 Oct 2015 13:03:03 -0400 schrieb Benson Margulies : > Do we have any tooling for this? In my imagination, the top pom for a > product to be released could be auto-decorated with > dependencyManagement locks. I think besides the release-with-pom from the release

Re: Help getting started contributing to maven

Hello, Am Mon, 28 Sep 2015 21:40:54 +0100 schrieb ivange larry : > 1 - Is the code hosted here > https://git-wip-us.apache.org/repos/asf/maven.git, the same as the > code hosted on github with this url https://github.com/apache/maven. Yes, github receives a copy of the

Re: Unable to deploy to repository.apache.org using Java 6 any more

issues.apache.org (JIRA) has the same problem. The 4096bit DHE prime is not supported by Java (not even 1.8). It helps to disable DHE completely in jre/lib/security/java.security: jdk.tls.disabledAlgorithms=MD5, RC4, SSLv3, DSA, RSA keySize 2048, DHE Gruss Bernd Am Thu, 25 Jun 2015 20:35:46

Re: Maven structure plugin

Hello, thanks for the work. Can you describe whats your typical usecase is? I think in your readme the last sample is not detailed files (but c+p duplication). I would recommend to make a linespacing=0,1,2 setting (no empty lines in between, empty lines only between last child and next level

Re: Do we want to go for gitpubsub?

Hello, when searching around for special constructs or when I have to need to understand some third party error messages I like to visit Java code on the Web as it safes me the need to check it out and especially it offers (usually) a good search and navigation. So this is by definition not for

OS Family DOS not windows with Java 8

Hello, did you notice, that with Java 8 all Maven versions will print Dos instead of Windows as the OS Familiy of an (german) Win7 (x64) system: mvn -v Apache Maven 3.2.5 (12a6b3acb947671f09b81f49094c53f426d8cea1; 2014-12-14T18:29:23+01:00) Maven home: C:\devenv\apache-maven-3.2.5 Java version:

Re: maven-release-plugin does not build cleanly - M2_HOME is missing

Am Wed, 25 Mar 2015 21:01:53 +0100 schrieb Mirko Friedenhagen mfriedenha...@gmail.com: - however this will not help with IDEs like Eclipse or Intellij which use their own code to invoke stuff. I guess it is better when you pass it as a system property: -Dmaven.home=${M2_HOME} that way you

Re: [DISCUSS] To SemVer or not to SemVer, that is the question

Hello, I know its not your problem domain, but I wanted to point out that the OSGi bnd-tool can do exactly that. It can even differentiate for interface providers and consumers. http://www.aqute.biz/Bnd/Versioning However the question is, if it really works all automatic if you are not strictly

Re: maven git commit: .mvn/ for project specific jvm options and maven parameters

Am Sun, 08 Feb 2015 07:57:03 -0500 schrieb Igor Fedorenko i...@ifedorenko.com: What if there was single real mvn script and mvnDebug/mvnyjp were just symlinks pointing back to it? The script will behave differently based on the script name. Any objections to this plan? I am all for having

Re: Build failed in Jenkins: core-it-maven-3-win

Hello, Ping? The mails still nag me. Maybe it is enough to clean the workspace for this job? Who should be responsible, so I can contact them directly? Gruss Bernd Am Tue, 27 Jan 2015 21:46:12 +0100 schrieb Bernd Eckenfels e...@zusammenkunft.net: Hello, the core-it-maven-3-win are failing

Fw: Build failed in Jenkins: core-it-maven-3-win

Hello, the core-it-maven-3-win are failing because of some get setup problem (it seems). The job sent a lot of failed mail messages. It looks like I do get a copy because one of my patches was commited meanwhile. Can somebody have a look? Gruss Bernd -- Datum: Mon, 26 Jan 2015 23:27:07 +

AW: 3.2.3 not available thoughhttp://archive.apache.org/dist/maven/binaries/?

Hello, It is on the archive site ob the new coordinates: http://archive.apache.org/dist/maven/maven-3/3.2.3/binaries/ Greetings bernd -- http://bernd.eckenfels.net - Ursprüngliche Nachricht - Von: Milos Kleint mkle...@gmail.com Gesendet: ‎29.‎12.‎2014 09:02 An: Maven Developers List

Re: Why is distributionManagement inside the pom?

Am Sun, 21 Dec 2014 21:30:49 +0100 schrieb Mirko Friedenhagen mfriedenha...@gmail.com: My question here: if you do not define distributionManagement (via a property) in a pom, all users of Maven would have to fiddle around with their settings to deploy anything. I think you have to do that in

Re: Build Failing of Maven

Am Sat, 6 Dec 2014 17:36:45 +0530 schrieb kapil Ashiwal kapilashiwal1...@gmail.com: BUILD FAILED /usr/local/apache-maven-3.2.3/*build.xml:231: Syntax error in property: ${* Obvious question, what is the content of line 231? (and surrounding) Gruss Bernd

Re: Build Failing of Maven

Hello, Oh I can actually answer my question myself :) build:231 contains a copy with filter. So I guess it is not about a syntax error in the ant script but the filtered resources. So you need to provide more context: can you see before the error which file actually failed? Gruss Bernd PS:

Re: Logging in Maven 3.1.1

Hello, you need to escape : and \ in properties files: org.slf4j.simpleLogger.logFile=E\:\\Mavenlogs\\Mavenlog.txt BTW: this is a maven users question. Gruss Bernd Am Thu, 20 Nov 2014 14:37:08 + schrieb Held, James E. jh...@dtcc.com: We'd like to log all maven activity to one common

Re: [SUREFIRE] List of simple issues to fix

Am Sat, 15 Nov 2014 15:31:17 -0700 (MST) schrieb tibor17 tibo...@lycos.com: It makes sense to me to close these bugs without a fix. I will wait one week for a response. If somebody want to prevent from closing them, let me know. All but one seem to be a clear close for me: SUREFIRE-1001 -

Re: Toolchains part of Maven distribution / global toolchains

Hello, i can see advantage and disadvantage to having it in the settings file. In my case I have multiple settings files for different repo and security settings but only one toolchain describes the host installed software. One option would be to allow includes in the settings.xml, then you can

Re: Toolchains part of Maven distribution / global toolchains

Hello, I think the user config has already a very big meaning because of multiple reasons: Typically developer workstations and CI servers all are single-user only. So the builds are always executed with the same user. So there is nobody complayning if the system is not configured on a system

Re: Q: Maven Toolchain

Am Wed, 19 Feb 2014 19:17:03 +0100 schrieb Anders Hammar and...@hammar.net: One thing it can be used for is to define a different JDK to be used (than the one used for executing Maven itself). More info here: http://maven.apache.org/guides/mini/guide-using-toolchains.html What is quite

Re: Maven deploy does not respect finalName

Hello, I dont think you can (or should) use arbitrary file names for artifacts in a maven-style repository. They have to follow the artifactid-classifier-version.type pattern. It is usually the best to pack those files in an archive *-bin.zip or similiar to keep their folder structure and file

Re: Release javadoc-plugin

Hello, yes I think if the fix is in a version specific handling, then it should not be applied. (If the fix would be to always keep the slash or not to alter the given link, then I would say add it). BTW: wondering if lastIndexOf is really needed, in this context it can only be the last char,

Maven Central artifacts list

Hello Jason, a somewhat related question. would it be possible to publish a SHAxSUM file of all the artifacts of the repository? I figured this would be much more efficient than walking any of the repos to validate local mirrors. It also can be used to detect modifications to released

Re: Central and Man-in-the-middle

Hello, I have started a POC a while back which can lock dependencies by a special checksum file. However it is not really secure as a plugin, as you cannot avoid other plugins overwrite yourself. It is not finished, it was an execise in some internal maven apis:

Re: POM 5.0 and Maven.next idea - re: repository's

Am Thu, 26 Jun 2014 21:44:55 +0200 schrieb Michael Osipov micha...@apache.org: Am 2014-06-26 21:41, schrieb Mark Derricutt: On 27 Jun 2014, at 7:27, Michael Osipov wrote: 2) Deploy transitive runtime dependencies along with your release ... or make sure they are centrally available. I

Re: Processing Pull Request

Am Sat, 24 May 2014 19:06:24 +0200 schrieb Michael Osipov micha...@apache.org: Am 2014-05-24 18:57, schrieb Igor Fedorenko: Please don't use Github PL merge functionality. This will create merge commits... and I seriously dislike merge commits, hate them, actually. Are you able to share

Re: Processing Pull Request

Am Sat, 24 May 2014 13:46:42 -0400 schrieb Igor Fedorenko i...@ifedorenko.com: Second, pull-requests encourage multiple commits, when in most cases each pull-request corresponds to single logic change. This, too, makes commit history harder to comprehend for no good reason. That is actually

Re: Let's fix the Rat Check usability fail

Currently the Rat Report in the Site phase of commons-vfs takes enormous time, for really no good use when the commits are reviewed anyway (and it has all kinds of excludes and warnings you manually need to check). So I argue it would be better to run it only in relase (candidate) builds. Not

Re: Let's fix the Rat Check usability fail

/jvanzyl/69c038c0f100803f10db I argue that the release should always be in a ready state to release, all requirements need to be met at all times in order for this to be the case. Aside from the surprise factor at release time when something doesn't work. On May 18, 2014, at 2:15 PM, Bernd

Re: Thoughts on MNG-5626 and the need for a log file

, May 5, 2014 at 2:38 PM, Bernd Eckenfels e...@zusammenkunft.netwrote: Am Mon, 5 May 2014 14:17:50 -0500 schrieb Paul Benedict pbened...@apache.org: What should be logged? Warnings. I actually would propose exceptions too because them on the screen only help if you have logging like

Re: Thoughts on MNG-5626 and the need for a log file

Am Mon, 5 May 2014 14:17:50 -0500 schrieb Paul Benedict pbened...@apache.org: What should be logged? Warnings. I actually would propose exceptions too because them on the screen only help if you have logging like a Hudson instance to view them. Uh, what is wrong with mvn -X -l? Gruss Bernd

Re: Thoughts on MNG-5626 and the need for a log file

, May 5, 2014 at 2:38 PM, Bernd Eckenfels e...@zusammenkunft.netwrote: Am Mon, 5 May 2014 14:17:50 -0500 schrieb Paul Benedict pbened...@apache.org: What should be logged? Warnings. I actually would propose exceptions too because them on the screen only help if you have logging like

help text maven-javadoc-plugin contains (lost) link

Hello, I noticed in the output of javadoc:help a sentence which I could not understand: # javadoc:fix # Fix Javadoc documentation and tags for the Java code for the # project. See Where Tags Can Be Used. When looking at the generated site it is more clear, as this is a HTML link.

Re: help text maven-javadoc-plugin contains (lost) link

Am Wed, 30 Apr 2014 02:31:21 +0200 schrieb Bernd Eckenfels e...@zusammenkunft.net: # javadoc:fix # Fix Javadoc documentation and tags for the Java code for the # project. See Where Tags Can Be Used. Another thing I notices is, it inserts single-line comments like

Re: Not a local repository. It is a local repository cache. (was: Fwd: Why Is Maven Ignoring My Local Repo?)

Am Thu, 17 Apr 2014 07:43:13 -0400 schrieb Igor Fedorenko i...@ifedorenko.com: My problem with current behaviour is that the same location is used as both cache for remote artifacts and repository for locally installed artifacts. Actually I agree, it would be good to have a real cache which

Re: Not a local repository. It is a local repository cache. (was: Fwd: Why Is Maven Ignoring My Local Repo?)

Am Thu, 17 Apr 2014 13:40:38 +0200 schrieb Jörg Schaible joerg.schai...@swisspost.com: Clearly, removing the ability to install artifacts locally would be a very bad idea since it would make it more difficult for casual users to use Maven for casual builds (e.g., I regularly use it to

Re: Model Version 5.0.0

Hello, it is not yet finished, and I am not sure if it actually would work for most scenarios. But I was starting a plugin which allows to maintain and create a checksum lock file for dependencies. The basic idea is, that when I distribute a released maven project (source) via for example Git, I

Re: [VOTE] Release ASF Parent POM version 14

Hello, not a vote but a question, where is the point in still supporting maven2? That additional profile makes the file harder to read. And it somewhat is encouraging to use such a old version. Since this is a new major version and it is not expected anybody would switch to that version if he

Re: [VOTE] Release ASF Parent POM version 14

Am Thu, 6 Mar 2014 16:56:27 -0500 schrieb Benson Margulies bimargul...@gmail.com: This is the POM for all of Apache. It's not for us to tell the rest of Apache to stop using Maven 2.2.1 just yet. I understand that, but if somebody wants to use maven2 would it actually switch to this major

Re: Exposing security vulnerability information (CVEs) when building with Maven

Hello Mark, Just wanted to point you to a redhat project which I recently discovered, as it seems to have potential for this (even if the approach is not the most decentralized one): The Victims Database maps JAR Signatures to known vulnerabilities, if this is extended with maven coordinates

Re: What is in a version? (was Towards faster releases)

Hello, If you include new functionality this means that according to semver you increase the second digit, which means conservative users will do this upgrade step not so easy anymore (and therefore miss all future fixes). I would rather include enhancements anyway but divert from strict

Getting a list of used artifacts

Hello, I want to write a plugin which does dump/verify the hashes of all dependencies and plugins used in the build. That way I can lock dependencies in the source not only by version, but also by checksum. I have currently the following @Mojo(requiresDependencyCollection=TEST)

Re: Getting a list of used artifacts

Am Thu, 13 Feb 2014 02:19:17 +0100 schrieb Bernd Eckenfels e...@zusammenkunft.net: @Mojo(requiresDependencyCollection=TEST) project.getArtifacts() project.getPluginArtifacts() Actual test source is here: https://github.com/ecki/lockdep-maven-plugin Gruss Bernd

Re: JDK 8 Build 121 JDK 7 Update 60 build 02 are available on java.net

Hello Rory, after having repeatingly problems in our WebStart Application (die to changed behaviour in Updates) I have tested with U60 and I havent seen any new problems compared to U45. I did not do server side (performance) tests yet. With JDK8 I did only a few smaller (default maven

Re: [VOTE] Apache Maven SCM 1.9 (take 2)

Am 03.12.2013, 02:47 Uhr, schrieb Olivier Lamy ol...@apache.org: For some reasons I don't understand yet why defaultExclude=false doesn't work for CVS directories. Uh, isnt that supposed to be yes to enable the exclusion of default patterns? Gruss Bernd

Re: More hard problems...

Am 26.11.2013, 22:02 Uhr, schrieb Robert Scholte rfscho...@apache.org: In addition to this story: There's an open issue called MDEPLOY-118 which describes a related issue: how to release the same version for different platforms? Related there is also the need for features. Larger projects

Re: [VOTE] Apache Maven SCM 1.9

I sometimes have the problem that the explorer extension tgitcache from Tortoise keeps handles open in git directories. Maybe your test machine has that installed? Am 25.11.2013 um 19:46 schrieb Robert Scholte rfscho...@apache.org: I have an appointment tonight, will try it afterwards or

Re: git commit: Adding envar MAVEN_CMD_LINE_ARGS to shell scripts to provide consistency for accessing CLI args via env.MAVEN_CMD_LINE_ARGS user property (from plugins, for example).

I think X=v export X Instead of export X=v is more portable. But in any cases, if this is supposed to be an official API it needs to be better tracked and documented (and I somewhat think those features make maven POMs less portable). Am 23.11.2013 um 17:47 schrieb Igor

  1   2   >