Question on Maven Dependencies

Hello, What is the best way to find the dependency jars to include in my POM xml. I am trying to find the dependency jar to include for SpringJUnit4ClassRunner class for Junit testing Thanks in advance Saritha

Re: Question on Maven Dependencies

Hi, first this is development list for Maven... Your question is intended for the users list: To find dependencies is best to read the documentation of the appropriate framework in your case Spring...or you can check maven central search: https://search.maven.org There is a button

Re: maven-gpg-plugin updates

Already there. Chas > On Dec 4, 2016, at 4:22 AM, Christian Schulte wrote: > >> Am 12/04/16 um 06:27 schrieb Charles Honton: >> Who can work with me to get maven-gpg-plugin updated? In particular, I’d >> like to add goals to sign and checksum files that are not artifacts.

[GitHub] maven-plugins pull request #97: MINSTALL-133 createChecksum default true

GitHub user nhojpatrick opened a pull request: https://github.com/apache/maven-plugins/pull/97 MINSTALL-133 createChecksum default true Patch for https://issues.apache.org/jira/browse/MINSTALL-133 You can merge this pull request into a Git repository by running: $ git pull

Re: maven-gpg-plugin updates

Am 04.12.2016 um 16:11 schrieb Chas Honton: > Already there. Seems I looked at the wrong patch file. Regarding the 'checksum-files' goal, I think this does not belong to the 'maven-gpg-plugin' because it is not related to GPG in any way. Looking at , I am

Re: maven-gpg-plugin updates

Am 12/04/16 um 06:27 schrieb Charles Honton: > Who can work with me to get maven-gpg-plugin updated? In particular, I’d > like to add goals to sign and checksum files that are not artifacts. See > MGPG-43 . > Could you add ITs to that patch as

svn: E170013: Unable to connect to a repository

I cannot access the subversion repository since a few hours any more. Anyone else experiencing this? C:\Users\schulte>svn checkout https://svn.apache.org/repos/asf/maven/plugins/trunk/maven-resources-plugin svn: E170013: Unable to connect to a repository at URL

POM 5: The problems with mixins

I'm currently trying to figure out how to make mixins possible in POM 5. Mixins basically bring a form of multiple inheritance to the POM... which leads to the problems of how to solve conflicts. Inheritance Style = The first problem I hit was how to actually deal with a parent that

[GitHub] maven-plugins pull request #98: Correct jira.codehaus.org to issues.apache.o...

GitHub user nhojpatrick opened a pull request: https://github.com/apache/maven-plugins/pull/98 Correct jira.codehaus.org to issues.apache.org/jira Looking though several plugins (http://maven.apache.org/plugins/maven-install-plugin/issue-tracking.html) and discovered the currently

Re: POM 5: The problems with mixins

On 4 December 2016 at 14:56, Stephen Connolly wrote: > I'm currently trying to figure out how to make mixins possible in POM 5. This is wonderful news! > Mixins basically bring a form of multiple inheritance to the POM... which > leads to the problems of how to

Re: Taking Security Seriously

AFAIK, checksums are there only to avoid stupid download/upload distorsion. What gives real security is *signature* done by developers, ie .asc files, that use other hash algorithms than these little .md5 and .sha1 files. That's why we recommend to verify *the signature* [1]. Another topic:

Re: Taking Security Seriously

My view is that the artifact checksums deployed have nothing to do with security, but just a way for Maven to verify that the download was ok. It's not verifying that it's the *correct* (valid) artifact that was downloaded. The apache link you're refering to talks about release signatures, not

Taking Security Seriously

Hiya, So currently checksum's are not generated by default... I've submitted a ticket which switched the install plugin to generate them by default. Next step stop using md5 which most have considered dead for several years, and checking apache (https://www.apache.org/dev/release-signing.html)