Re: last review of Reproducible Builds proposal

Hi, Hervé BOUTEMY wrote: > based on the feedback I got, I updated the proposal: > https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=74682318 > > The archives entries timestamp is now configured with > project.build.outputTimestamp property, in ISO-8601 format > > > > 2019

Re: last review of Reproducible Builds proposal

Emmanuel Bourg wrote: > Le 16/10/2019 à 08:35, Hervé BOUTEMY a écrit : >> last question: now that we seem to fully understand each other, does it mean >> that you don't need any more "seconds since the epoch" format support for >> the >> property? > > If Maven supports the SOURCE_DATE_EPOCH env

Re: last review of Reproducible Builds proposal

Christofer Dutz wrote: > Well I have a new candidate: > > maven-bundle-plugin > > Creates: Bnd-LastModified in the MANIFEST.MF > > Gotta find out a way to either suppress that entry (Would be great if it > could consume the same property) <_removeheaders>Bnd-LastModified Alternat

Re: last review of Reproducible Builds proposal

Hi, > but the format of the timestamp is completely different ... doesn't that > matter? I don't think so; at least I don't think the Bnd-LastModified header is meant to be parsed by machines. But I have _removeheaders>Bnd-* (yes, wildcards are supported) in my , so what do I know... > I was c

Re: Dynamic phases proposal

Stephen Connolly wrote: > https://cwiki.apache.org/confluence/display/MAVEN/Dynamic+phases > > Thoughts? Very nice. I like this a lot. In particular, it still feels like Maven with its well-known phases rather than like the "every project rolls their own" approach of Ant or Gradle. And to answer

Re: [DISCUSS] Merging small plugins

Hi Enrico, > What about creating some maven-ext-plugins git repository with a parent and > reactor pom and move all of those plugins that are really never released? > > I am thinking to side plugins like jdeps, checkstyle, pmd, enforcer that's a bad idea as multiple otherwise unrelated goals the

Release maven-jxr-plugin please?

Hi, would it be possible to release the maven-jxr-plugin? The last release is from September 2018 and since then (15 months ago, in fact) it finally got "jxr-no-fork" goals, bringing it on par with maven-javadoc-plugin and maven-source-plugin. Best wishes, Andreas --

Re: Release maven-jxr-plugin please?

Hi, > would it be possible to release the maven-jxr-plugin? The last release > is from September 2018 and since then (15 months ago, in fact) it > finally got "jxr-no-fork" goals, bringing it on par with > maven-javadoc-plugin and maven-source-plugin. just an addendum: Is there anything I can do

Re: [VOTE] Release Apache Maven JXR version 3.1.0

Hervé BOUTEMY wrote: > We solved 6 issues: > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317527&version=12344185&styleName=Text thanks for staging the release. The new jxr-no-fork and test-jxr-no-fork goals work like a charm for me. :-) Best wishes, Andreas signature.as

Re: [VOTE] Release Apache Maven JXR version 3.1.0

Andreas Sewe wrote: > Hervé BOUTEMY wrote: >> We solved 6 issues: >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317527&version=12344185&styleName=Text > > thanks for staging the release. The new jxr-no-fork and test-jxr-no-fork > goals work

Re: [VOTE] Release Apache Maven JXR version 3.1.0

Hervé BOUTEMY wrote: > ok, I can cancel the vote > are you able to open a Jira issue, provide a test and eventually a fix, > please? - Opened - Attached a small patch to it that enhances the "simple-project" integration test to catch this bug -

Re: Maven Sign Plugin

Hi, > I have some experience in case of verifying pgp signatures using Bouncy > Castle during work on my pgpverify-maven-plugin. > So If you would, I can try to help with the sign plugin. using Bouncy Castle or the Apache Commons OpenPGP wrapper thereof [1] would be awesome and would make the bui

Re: testing pgpverify-maven-plugin

the GitHub issue tracker [1]. Hope that helps. Best wishes, Andreas Sewe [1] <https://github.com/s4u/pgpverify-maven-plugin/issues/created_by/sewe> signature.asc Description: OpenPGP digital signature

Re: Requesting release of maven-jxr-plugin and maven-changes-plugin

Matt Nelson wrote: > Requesting release of maven-jxr-plugin and maven-changes-plugin. Is there > anything blocking these releases that I can assist with? > > Looking forward to using the contributions I made a while ago. > https://issues.apache.org/jira/browse/JXR-143 I second that for the maven

Re: [VOTE] Release Apache Maven JXR Plugin version 3.1.1

Hi, > Guide to testing staged releases: > https://maven.apache.org/guides/development/guide-testing-releases.html > > Vote open for at least 72 hours. just a user of the maven-jxr-plugin and not a committer, but I wanted to let you know anyway that version 3.1.1 works fine for me, even if I can

Re: [VOTE] Release Apache Maven JXR Plugin version 3.1.1

Hi Robert, > Regarding the voting, every vote counts, maybe especially from users. > Depending on the release manager, their negative votes might result in the > cancelling of the release. > A few years ago we decided to drop the word "binding" during the vote, > because it doesn't motivate non-

Re: Moving away from Modello

is normally already declared there -- but you cannot "see" that from your PlexusConfiguration. Note that this is *not* an argument in favour of dropping Modello; it is just an argument in favour of better namespace support (or rather awareness) in something like PlexusConfiguration. Best wishes, Andreas Sewe OpenPGP_signature Description: OpenPGP digital signature

Re: Feature proposal: Dependency deprecation indicators

Hi, I was previously just lurking here but following the discussion with interest. Here are my 2 cents: Chris Kilding wrote: > I think we could begin by working out some constraints for the feature... > > First, I think it should be possible to deprecate (or undeprecate) an > artifact without c

Re: Question - JDK Minimum of future Apache Maven 4.0.0

there cannot be separate toolchains for compilation and test. If that were to change with Maven 4, that would be great, of course. Hope this helps. Best wishes, Andreas Sewe [1] <https://issues.apache.org/jira/browse/NETBEANS-3679> [2] <http

Re: [EXTERNAL] [ANN] Apache Maven Version 3.5.0-alpha-1 Released

Hi, > Any chance the Aether work would somehow enable declaring server credentials > only once in settings.xml and then reusing them for multiple > build.repositories.repository nodes in pom.xml (such as when you have > multiple independent repositories within the same authentication realm of a

Re: Thoughts on MR-Jar support in Maven

Hi, > I would have thought that it was not Maven's responsibility to ascertain > that test passed in various JDKs, old and new. I agree that is is not Maven's responsibility to (out of the box) execute the tests against multiple JREs. If you think it is, one can just as well argue that it should

Dependency scopes and conflict resolution: Possible bug?

Hi Maven developers, I a trying to wrap my head around Maven's handling of dependency scopes and was wondering the following: Is the test-classpath always a super-sequence of the compile-classpath? AFAICT, this is the case. However, my experiments (using Maven 3.5.2) left me wondering whether I m

Re: Dependency scopes and conflict resolution: Possible bug?

Robert Scholte wrote: > You're hitting MNG-5739 > > Within a dependency-tree a groupId+artifactId is unique (nearest wins). > Such a dependency has 1 version, but also 1 scope. > By setting it explicit to test, you reduce the scope and it is not > available during compile anymore. > > Is this cor

Re: Dependency scopes and conflict resolution: Possible bug?

Jonathan Haber wrote: > As a workaround you can check out the dependency-scope-maven-plugin we > wrote: > https://github.com/HubSpot/dependency-scope-maven-plugin Thanks for the pointer; this indeed looks like a useful plugin. That being said, I wasn't experiencing this bug/misfeature myself. Rat

Re: [VOTE] Release Maven Indexer 6.0.0

Tamás Cservenák wrote: > [VOTE] Release Maven Indexer 6.0.0 Tested this in two applications: a Maven plugin and a Spring application. In both cases, I experienced no trouble. Thanks for doing the release, Tamás. Best wishes, Andreas signature.asc Description: OpenPGP digital signature

Re: [VOTE] Release Maven Indexer 6.0.0

Olivier Lamy wrote: > probably no issues for sure. > I just don't know if we will be able to still download the index from > central and use it with this new version > TBH I haven't done any testing etc so it's just questions :-) FYI, my testing included downloading the index from Central (to

Allowed characters in GAV and how/where to sanitize?

Hi Maven developers, doing a large-scale analysis of Maven Central, I've come across a couple of "weird" GAVs like this one: groupId=com.knappsack, artifactId=swagger4spring-web, version=mvn+release:perform [1]. The colon in the version raises the question as to the allowed characters in the diff

Re: Allowed characters in GAV and how/where to sanitize?

Hi Stephen, > In an url path segment space is mapped to + not quite. This holds only for the query part of an URI which is typically encoding according to the application/x-www-form-urlencoded scheme. Elsewhere in a URI, e.g., the path component, a space is simply percent-encoded a %20. > The re

Re: Allowed characters in GAV and how/where to sanitize?

Hervé BOUTEMY wrote: > notice that Central contains artifacts produced by Maven but also by other > tools: I did some analysis myself and found strange things also that are > clearly not produced by Maven. Scala for example produces some artifacts that > I doubt could be referenced by Maven. Ye

Re: Allowed characters in GAV and how/where to sanitize?

Fred Cooke wrote: > Re versions, I know the background on it, but it annoys me that maven can't > handle 4 part versions, 1.2.3.4 as sometimes it's handy to do a patch level > that deep. Lots of messed up software in the world :-) Are you sure that's still the case (the parts-restriction, not the

Re: main-class + module-version

Robert Scholte wrote: > Plexus Archiver is an archiver fully written in Java, so there has never > been the need to add toolchain support. > > It would be very nice if this could be solved without the need of the > external jartool or using it via a ToolProvider[1]. Also, if two separate tools mo

Re: Build vs Consumer POM study

Hi, > Naming Conventions > consumer pom must continue to be named pom.xml > build pom shall be called build.xml Please don't re-use a name already occupied by another build tool (in this case, Ant). Many IDEs associate editors based on file name and this would confuse them. Eclipse, for example,

Re: Build vs Consumer POM study

Hi, as a user of Maven and a researcher analyzing what's in Maven central, I would prefer to see in the "kept by choice" category as well. While may be more useful for end-user facing tools, in this day and age of badges pointing to CI servers on Github, I can still see this as useful for co

Re: RFC on MNG-6003: Drastically reduce JAVA_HOME discovery code

Hi, > Please go ahead and test it. > > Jenkins does not use the script as it seems: > [maven-3.x] $ > /home/jenkins/jenkins-slave/tools/hudson.model.JDK/jdk-1.7u51/bin/java > -Xmx2g -Xms256m -XX:MaxPermSize=512m -cp > /home/jenkins/jenkins-slave/maven3-agent.jar:/home/jenkins/jenkins-slave/tools/

Re: RFC on MNG-6003: Drastically reduce JAVA_HOME discovery code

Hi, >> FYI, Hudson 3.2.2 (in use for most builds at the Eclipse Foundation) >> does use the mvn script: BTW, this is the same with the latest Hudson (version 3.3.3) as well, so this seems to be a place where it diverged from Jenkins. >>> [INFO] Using Maven 3 installation: apache-maven-latest >>>

Re: Resolving properties in published poms

Hi Mark, > Is there anyway in current maven (3.3.9) that I can replace the > |DefaultDependencyCollector| with one of my own, that can use > maven-filtering and demangle the versions as appropriate? Can I register > a replacement in my |META-INF/plexus/components.xml| file for my > lifecycle exten

Re: Maven Server matching

Hi, > 1. Running several *different* flavours of SCMs on the same host. Say you > have a host called "repohost" which is both an SVN and a Git host. Ok, not > very likely, but alas not something possible today. FYI, Github does just that. In particular, they support "git clone" and "svn checkou

Re: [DISCUSSION] finishing Aether import: help find a new name

Jason van Zyl wrote: > It’s all Maven specific, it’s always been Maven specific and that’s > unlikely to change after how many years? Even if it can employ > different strategies it’s still the Maven Artifact Resolution API. No > one is going to use this API to resolve from NuGet, NPMJS, PyPi or >

Re: Project Dependency Trees schema...

Stephen Connolly wrote: > I am toying with having the format be xml.gz rather than xml > OTOH transport GZ should be easy and makes the file easier for users > to > inspect > > Thought? If you mean by "transport GZ", serving the XML with "Content-Encoding: gzip" by the repository manager, than

Re: Some thoughts on Maven 5

Stephen Connolly wrote: > Hmmm shower thinking now has me pondering if a custom DSL might be > better... something close to human friendly JSON with exceptions for > dependency declaration so that they are always specified as g:a:p:v:c:t > with the optional p and c being empty, e.g. g:a::v::t For

Re: Some thoughts on Maven 5

Stephen Connolly wrote: > https://hjson.org/ was what I had in mind... but it would be awesome if for > dependencies we didn't have to quote, e.g. > > scopes { > compile: [ > org.slf4j:slf4j-api::1.8.0::jar > ] > test: [ > junit:junit::4.12::jar > ] > } > > which is not valid hjso

Re: Some thoughts on Maven 5

Stephen Connolly wrote: > So now that I have a spec for the PDTs drafted, I have been thinking of how > that could influence Maven 5. Some things that came to mind, in no particular > order: May I suggest support for custom "transformation rules" when inheriting a value from the parent POM. Have

Re: Some thoughts on Maven 5

Stephen Connolly wrote: > * we should let the user define lifecycles directly in the Pom (ok, maybe we > don't *encourage it*) More packaging-related phases in the default lifecycle. I very much like the idea of a standard lifecycle, as it often forces you to rethink your project's structure. (m

More rigorous terminology - Was: Terminology proposal: "Maven module" -> "Maven sub-project"

Hi, just a long term Maven user here, but I'd like to chime, as I don't think renaming module to subproject is that big an improvement. In fact, it may actually lead to *more* confusion. Here's why: Maven has two *orthogonal* ways how to projects can relate to each other: aggregation and inherit

Re: Terminology proposal: "Maven module" -> "Maven sub-project"

Guillaume Nodet wrote: Maybe now is the time to re(de)fine our terminology: https://maven.apache.org/glossary.html. Yes, please! In fact, I didn't even know about the glossary (after 10+ years of using Maven). It's not linked from the POM Reference, for example. At any rate, I have just pro

Legitimate use of ToolchainManagerPrivate?

Hi all, I am using Maven to build benchmarks for JVM research. I have already written a plugin that bundles up the benchmarks harness, dependencies, and input data. This works like a charm. :-) To integration-test the benchmarks, I would like my plugin to run benchmark just build on a whole

Re: Legitimate use of ToolchainManagerPrivate?

Hi Stephen, have a look at animal sniffer @mojo the animal-sniffer-maven-plugin is definitely a very useful plugin, but just not for my use case; what I want is to verify that the benchmark being build *behaves* the same on different JVMs (produces identical outputs, doesn't crash the JVM).

Re: Legitimate use of ToolchainManagerPrivate?

Hi Stephen, hi Jörg, yep the code. there's some advanced use of tool chains in animal sniffer... no other plugin that I know of is as advanced in using tool chains OK, now I get it. Thanks. I'll have a look at the code and come back if I still have some questions. Best wishes, Andreas ---

Re: Legitimate use of ToolchainManagerPrivate?

Hi all, > OK, now I get it. Thanks. I'll have a look at the code and come back if > I still have some questions. I did have a look a the animal-sniffer-maven-plugin. Very interesting. One thing that I do not understand, however, is how to obtain access to an implementation of ToolchainManagerP

Re: Legitimate use of ToolchainManagerPrivate?

Hi all, sorry it took so long to reply, but here are my findings: > I remember when I was writing that plugin I found a couple of use cases for > tool chains that the initial spec had missed... there could be some hack I'm > doing... also are you using maven 2 or 3. I am using Maven 3; while an

Re: peri

Hi all. As a side-note: the current "provided" scope is not transitive, which IMHO doesn't make much sense. After all, if your environment magically provides dependency A that assures you that it also provides dependency B, then this should effectively mean that both A and B are provided. Or

Re: SCM info and modules

Hi, I'm not 100% sure it should be inherited at all. Inheriting unchanged is only valid for something like Git, but probably never for SVN. However, as you point out, Maven's current guess is usually not good enough either. the problem is really that Maven currently has only a single element f

Re: [DISCUSS] SCM child-project URL composition

Hi, here's a use case/convention which neither the current "append child's artifactId" strategy nor the "static:" prefix can handle. The parent project uses something like /scm-root/ and the modules/children use /scm-root/modules/${project.artifactId} IMHO, the only fully flexible solut