Apache Maven may follow repositories that are defined in a
dependency’s Project Object Model (pom) which may be surprising to
some users, resulting in potential risk if a malicious actor takes
over that repository or is able to insert themselves into a position
to pretend to be that repository.
+1
On Sun, Jun 9, 2019 at 5:32 AM Karl Heinz Marbaise wrote:
>
> Hi,
>
> +1 from me.
>
> Kind regards
> Karl Heinz Marbaise
> On 07.06.19 15:32, Robert Scholte wrote:
> > Hi,
> >
> > The Apache Maven project consist of about 90 (sub)projects. Due to the
> > small number of volunteers and the
Last year, we deprecated old and insecure TLS protocols on Central to
make access more secure. This year, we're moving things forward again
by deprecating and later removing access to insecure by default HTTP
access.
Right now this affects less than 20% of the traffic hitting Central.
To find out
Can you attach your logs as text? Most people aren't going to watch a video
to see what you did and the screenshot was not sent through to the mail so
there's no way to see what your error was.
On Thu, Jan 3, 2019 at 8:35 PM Mikail Eryilmaz
wrote:
>
>
>
>
> Skickades från E-post
--mobile
> On Jul 25, 2018, at 9:24 PM, Mark Derricutt wrote:
>
> On 26 Jul 2018, at 12:55, Brian Fox wrote:
>
> Find the Maven Plugin docs here:
> https://sonatype.github.io/ossindex-maven/maven-plugin/
>
> This looks awesome! One nit pick tho - the XML plu
You probably know Sonatype for our work in the Maven community, Nexus
Repository Manager, and for hosting Central. You may not know that for
the last 7 years we've also been leading the way in solutions that
allow developers to innovate faster and be able to improve security,
license compliance
Bumping this again. Cutover is next week.
On Mon, May 21, 2018 at 2:22 PM, Brian Fox wrote:
> The march of standards continues unabated. Legacy TLS protocols 1.0
> and 1.1 have varying weaknesses that could lead to a false sense of
> security.
>
> In June, in an effort to
The march of standards continues unabated. Legacy TLS protocols 1.0
and 1.1 have varying weaknesses that could lead to a false sense of
security.
In June, in an effort to raise security and comply with modern
standards, the insecure TLS 1.0 & 1.1 protocols will no longer be
supported for SSL
On Wed, Feb 14, 2018 at 9:31 PM, Eric B wrote:
> Bernd,
>
> Nexus 3.x does not support staging repos b/c they are rewriting the entire
> platform to support not just Maven artifacts, but any type of repo-based
> artifact. Ex: docker images, npm dependencies, etc...
This is
You still have something wrong with the repositories in your pom or the
settings.xml. Making requests to Nexus /releases would generally only
be done for _your_ internal components, not for things like http client or
the clean plugin. You would normally have requests to .../public instead.
I'm
it official
Everyone else,
Time to shout out if you have any issues / suggested improvements on the
content
- Stephen
On Friday, 2 August 2013, Stephen Connolly wrote:
On 2 August 2013 16:07, Brian Fox bri...@infinity.nu javascript:_e({},
'cvml', 'bri...@infinity.nu'); wrote:
I think
I think the bulk of this is pretty good. On the fork section, specifically:
As soon as changes in that
fork are identified which should be brought back to the project those
changes should be introduced into at least a branch hosted on the Apache Maven
source control in order to facilitate the
On Fri, Aug 2, 2013 at 12:10 PM, Stephen Connolly
stephen.alan.conno...@gmail.com wrote:
So anyway, I now have this ultra whizzbang high performance logging API and
I am aware of some deficit in the logging performance of Maven, so I spin
up a private fork (it could be a hidden private fork, or
On Aug 2, 2013, at 12:30 PM, Paul Benedict pbened...@apache.org wrote:
I've stated from the beginning of this thread that it's impossible to
prevent someone from developing outside of Apache. I stand by that still.
That can't be prevented and any attempt will fail since it's not practical.
Looking at the logs, it appears that you are trying to actually stage
the parent, not your project. You don't have permissions to stage the
oss parent, hence the error.
On Fri, Jul 19, 2013 at 8:25 AM, Richard Sand rs...@idfconnect.com wrote:
Hi all - trying to get my first plugin released into
SCP to Nexus isn't supported, and writing directly to the storage
underneath Nexus isn't really supported either. If the concern is
about having a password in the settings.xml, take a look at User
Token[1]. Ironically this feature started out with a desire to support
SCP but for a number of
That's a good post to sum up all the options.
On Thu, Mar 21, 2013 at 8:15 AM, Stephen Connolly
stephen.alan.conno...@gmail.com wrote:
I think mailing lists are not the best way to explain why different
solutions are to be preferred when ranking against what is best for the
Maven ecosystem as
I haven't had time lately to follow a lot of the user list threads,
but this one got my attention so I read the whole thing last night.
Without having any background on Joachim's previous threads, and
judging everything only based on this one, I was kind of
surprised...not in a good way. If this
Barrie, the stats for all maven artifacts are available to maven
committers by logging in to the https://repository.apache.org instance
and clicking on Central Stats
On Thu, Mar 14, 2013 at 9:06 PM, Barrie Treloar baerr...@gmail.com wrote:
Just wanted to bring this to the users list and ensure that those reading
the release notes see the security alert for 3.0.4:
CVE-2013-0253 Apache Maven
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Maven 3.0.4
- Apache Maven Wagon 2.1, 2.2, 2.3
-- Forwarded message --
From: Olivier Lamy ol...@apache.org
Date: Sat, Feb 23, 2013 at 9:59 AM
Subject: [SECURITY] CVE-2013-0253 Apache Maven 3.0.4
To: annou...@apache.org, annou...@maven.apache.org
Cc: Maven Developers List d...@maven.apache.org
VE-2013-0253 Apache Maven
You've run into a non-supported edge case.
On Mon, Feb 11, 2013 at 4:17 AM, Reinhard Nägele
reinhard.naeg...@mgm-tp.com wrote:
Hello,
A couple of years ago I used a plugin execution in the validate phase to
bootstrap jars that were not available on Maven Central as suggested in
[1]. I
Are you positive you are using jar plugin version 2.3?
On Mon, Jan 7, 2013 at 11:26 AM, Anthony Dahanne
anthony.daha...@gmail.comwrote:
Hello all,
I am using Maven 3 with Nexus 2.
I am building a cli tool (let's call it cli) , which has dependencies on
some other libraries (let's call them
N oone has been blacklisted in a while. Can you give us the headers like
shown here:
$ curl -I
http://repo1.maven.org/maven2/org/apache/avalon/framework/avalon-framework-api/4.3.1/avalon-framework-api-4.3.1.jar
The problem below is because your configuration is inside an execution,
which when run from the command line like mvm enforcer:enforce won't be
activated. Either bind this plugin to a phase as part of your build, or
move the configuration element outside the executions block.
On Thu, Oct 11, 2012
On Sat, Aug 25, 2012 at 6:48 AM, Robert Scholte rfscho...@apache.org wrote:
This sounds like https://jira.codehaus.org/browse/MNG-5324
Agree, that looks like the same thing. I tested all different forms of
this with Nexus and the metadata was verified to be correct each time.
I didn't check
On Fri, Aug 24, 2012 at 5:27 PM, Laird Nelson ljnel...@gmail.com wrote:
On Fri, Aug 24, 2012 at 1:52 PM, David Hoffer dhoff...@gmail.com wrote:
We have been having nothing but trouble with Nexus and
Maven3 with the time-stamped snapshots and all the various metadata
files that Nexus spits out
On Fri, Aug 24, 2012 at 5:43 PM, David Hoffer dhoff...@gmail.com wrote:
I can't say the whole problem is with Nexus. I can say that the
requirement in Maven3 to always use timestamped snapshots has not be
addressed in a complete way with tools like Nexus and my beloved IDE
IntelliJ. We have
Just over a year ago we evolved the Central architecture to be globally
load balanced with 2 servers in the US and 2 more in the UK. This year,
we've gone even futher to increase reliability and delivery performance.
We evaluated several options and ultimately settled with Edgecast as the
Which rule spits that out? This seems unusual.
On Thu, Jul 19, 2012 at 6:11 PM, Laird Nelson ljnel...@gmail.com wrote:
The Maven Enforcer plugin version 1.1.1 outputs a ton of information at the
INFO level that seems to me to be repetitive and uninteresting. Here is an
excerpt from a normal
If it's an oss project, then you can use
https://docs.sonatype.org/display/Repository/Sonatype+OSS+Maven+Repository+Usage+Guide
On Wed, Jun 20, 2012 at 11:37 AM, fachhoch fachh...@gmail.com wrote:
we dont a local nexus repo mamnager installed , and we are developers
working in remote
Nexus Pro has functionality that would allow you to do mirroring, we have a
bunch of customers doing exactly what you ask.
On Fri, Jun 1, 2012 at 12:53 PM, Phillip Hellewell ssh...@gmail.com wrote:
Hi,
Our company would like to mirror our Maven repository at a remote
location. Currently
Found the email Russ ;-)
Anyway, repository.s.o isn't intended to be a mirror, it's just a
proxy used primarily by us for internal use and for oss users building
our stuff. http://search.maven.org has replaced the need to use rso's
search as well.
Regarding why the files aren't in the
Everything is stored in the sonatype-work/nexus folder. Copy that folder to
another machine and you have duplicated your entire instance.
On Thu, Apr 26, 2012 at 10:01 PM, hujirong jirong...@gmail.com wrote:
The one I am using in my test environment is not professional, but a free
one. I don't
Make a request here and I can attach the poms for you:
https://issues.sonatype.org/browse/MVNCENTRAL
On Tue, Apr 10, 2012 at 1:17 PM, Wayne Fay wayne...@gmail.com wrote:
If you wanted to scrape Maven Central for just the poms then I'd
contact Sonatype who manage the central repository.
As
It looks to me like your settings.xml isn't defining a pluginRepository.
On Thu, Nov 10, 2011 at 7:09 AM, brian2011 brian@barcap.com wrote:
Hi,
I'm using Maven 2.2.1 and Nexus 1.7.2. Nexus is configured as an internal
repository manager with a single nexus group to external repository
A new version of the indexer was released and requested to be rerun
over central. That means a new full index was generated, when
typically it is just an incremental index. The size of the file and
speed of ibiblio seems to be giving some people trouble. But it should
sort itself out, besides
Maybe you're behind a firewall that hasn't adjusted to the new ips?
http://www.sonatype.com/people/2011/07/the-central-repository-is-getting-faster-are-you-ready-for-the-new-ips/
On Wed, Aug 31, 2011 at 5:49 PM, Jason Pyeron jpye...@pdinc.us wrote:
Not sure if this is the right place to ask,
Release forks the build and therefore not all the parameters are
passed through. There is a parameter for the plugin though to specify
which agurments to pass, I forget what it is, but I'm sure you know
how to find it ;-)
On Sun, Sep 4, 2011 at 1:48 PM, Benson Margulies bimargul...@gmail.com
I google'd for jboss maven repo moved and found the following blog
post which explains this repo was deprecated over a year ago and was
finally shut down in early June 2011.
http://community.jboss.org/en/build/blog/2011/06/01/blocking-repositoryjbossorgmaven2
My money is on ^^^
If this is an external repo: If the repository publishes an index, use
that. Otherwise, what you're doing would likely be perceived as
scraping and get you banned from remote repositories.
If this is an internal repo, then use the maven-indexer to produce an
index for you.
On Mon, Aug 29, 2011
It's because Github returns a 404 on your repo:
https://raw.github.com/davidhoyt/mvn-repo/master/maven2/snapshots/ and
this makes Nexus think the repo isn't available. Disable the Auto
blocking and it should work.
On Tue, Aug 23, 2011 at 2:28 AM, Hoyt, David ho...@llnl.gov wrote:
I'm trying to
What is the failure that you're seeing here? The changes look
appropriate since the contents of maven/1 and maven/2 are now in
Central, so removing those repo declarations should have no effect.
On Fri, Aug 19, 2011 at 10:18 AM, Blaney, Kyle (Kyle) kbla...@avaya.com wrote:
We recently
. In pom.xml, specify our Nexus java.net copy as the first repository and
in settings.xml, specify our Nexus java.net copy as the first mirror.
Kyle
-Original Message-
From: Brian Fox [mailto:bri...@infinity.nu]
Sent: Friday, August 19, 2011 12:33 PM
To: Maven Users List
Subject: Re
On Fri, Aug 19, 2011 at 4:35 PM, Thiessen, Todd (Todd)
tthies...@avaya.com wrote:
Thanks for clarifying. Hopefully we can get some advice here wrt the policies
regarding different artifacts with the same GAV.
This is a very rare circumstance. What happened was we merged java.net
with Central.
It appears like you aren't using groups in Nexus. Your maven shouldn't
be telling you it's looking in the jboss repo, it should be looking in
your nexus group and nexus deals with the other repos. You would
normally do this in your settings with a mirrorOf * -
nexus/content/groups/public for
As of this morning we enabled the global load balancing and users
closest to the EU Nameservers will start hitting the UK server
automatically.
On Fri, Jul 29, 2011 at 12:24 PM, Brian Fox bri...@infinity.nu wrote:
We're moving around some switching gear to have faster internet access
We're moving around some switching gear to have faster internet access
for Central. Because of this, the ip numbers for the US Central
servers will change. This should not affect most users unless your
corporate IT has firewall rules locked to the old ips. You can see
more details about the change
default is:
overWriteIfNewer=true
overWriteReleases = false
overWriteSnapshots=false
Setting the releases or snapshots to true will cause it to ignore the
if newer check.
On Wed, Jul 27, 2011 at 11:13 AM, KARR, DAVID (ATTSI) dk0...@att.com wrote:
-Original Message-
From: Brian Fox
the dependencies of another project (not the current one).
Thanks,
Gili
Brian Fox-2 wrote:
It does not support transitivity yet. You can use copy-dependencies and
combinations of the filters to get the artifacts you need
Chris Burroughs wrote:
I assumed from the frequent references
you can set a flag to tell it to always unpack. I forget the exact
param, but it's in the docs.
On Tue, Jul 26, 2011 at 5:01 PM, KARR, DAVID (ATTSI) dk0...@att.com wrote:
-Original Message-
From: GALLAGHER, RON (ATTSI)
Sent: Tuesday, July 26, 2011 12:03 PM
To: Maven Users List
If the snapshot was resolved from a repo then it will be timestamped,
if it came from the reactor or local repo, then it will be -SNAPSHOT.
The plugin calls into the maven resolution logic so this is core maven
behavior.
In 2.2, resolution from the reactor was introduced for these goals,
One reason you might do it is to enable a repository to be searched
for snapshots. By default, Maven's built-in definition of 'central'
only has releases enabled. Unless you define another repository
somewhere that has snapshots enabled, Maven will never retrieve any
snapshots.
This is
You should always fetch from repo1.maven.org/maven2/.index
On Tue, Jun 21, 2011 at 5:50 AM, amaresh mourya
amaresh.mou...@gmail.com wrote:
Hi,
I am unable to ping [ http://repo2.maven.org.s3.amazonaws.com/.index/ ]
location. Whereas ping to [ http://repo1.maven.org/maven2/.index ] is
local first, then it starts looking in configured repositories (from
settings, pom, super-pom)
On Tue, May 24, 2011 at 10:45 AM, uday shankar adonis.u...@gmail.com wrote:
Hi,
Where does maven pick the jars from (first) local repo or central repo?
Regards,
Uday
--
View this message in
It's also worth mentioning that Nexus Professional's Procurement
feature is built for exactly the use case you have. It's meant to have
a hard firewall like separation between internal and external
artifacts and rules that allow you to approve whitelist/blacklist
style, or by wildcard or other
On Tue, May 17, 2011 at 3:50 PM, Russ Tremain ru...@releasetools.org wrote:
I use the maven-dependency plugin for jar and war packaging.
It is flexible and non-judgmental.
This is particularly important when you are converting a large project over
to maven and cannot follow some maven
You don't need to bootsrap it, just setup a repo like Nexus and let it
proxy on demand the things you need. In that case a bootstrap might
simply mean run all our builds and/or run mvn dependency:go-offline to
resolve everything you need.
On Wed, May 18, 2011 at 5:21 PM, Heck, Gus (Patrick)
I just wanted to close the loop on this, http://search.maven.org is
now updated incrementally in lockstep with the contents of Central.
On Fri, May 6, 2011 at 9:53 AM, Brian Fox bri...@infinity.nu wrote:
On Fri, May 6, 2011 at 3:54 AM, Nord, James jn...@nds.com wrote:
Hi Brian,
we incorporate
In short, we're moving to a clustered IP for the US Central machines
to improve the reliability and get automatic failover. We know some
users have firewall rules locked to the existing IP, if that's you,
pay attention:
We're failing over to the backover IP tonight so we can install the
clustered
On 2011-05-05, at 12:52 PM, Brian Fox wrote:
Than you, i'll let the team know.
Also, we've adjusted how the redirects work and included a static page
so people don't feel like the repo was hijacked:
http://repo2.maven.org/maven2/org/
Deeper links to artifact folders will show the older index
is minimal.
Just don't want it forgotten that just as it is in repo1.m.o it may not be in
uk.m.o (and if it is in the process of being synced could be only be
partially there?)
Thanks for the quick workaround.
/James
-Original Message-
From: Brian Fox [mailto:bri...@infinity.nu
This was an attempt to block the constant scrapers that are attempting
to crawl the entire repository for no good reason, and the bandwidth
isn't free.
The index used to serve the search is not the same index used by M2e.
Fwiw, the m2e indexes are updated daily now, but I need to see why
this
system.
Regards,
/james
-Original Message-
From: Brian Fox [mailto:bri...@infinity.nu]
Sent: 05 May 2011 12:06
To: Maven Users List
Subject: Re: central repo?
This was an attempt to block the constant scrapers that are attempting to
crawl the entire repository for no good
On Thu, May 5, 2011 at 7:09 AM, Anders Hammar and...@hammar.net wrote:
Regarding the m2e indexes, at what time are they updated?
3:22 CST daily.
-
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional
with IE8 and it worked fine. Needless to say
Chrome and FF work just fine.
-Jim
-Original Message-
From: Brian Fox [mailto:bri...@infinity.nu]
Sent: Thursday, May 05, 2011 8:50 AM
To: Maven Users List
Subject: Re: central repo?
On Thu, May 5, 2011 at 7:09 AM, Anders Hammar
After debuging Maven I noticed that even having the mirror defined,
SNAPSTHOP version of plugins always were resolved agains Maven`s central
repository (repo1.apache.org). So we found a workaround overriding central
and snapshot repositories in the setting xml. After that, it worked.
is
The warning is talking about the plugin versions rule. Off hand
nothing jumps out as being wrong with the config to me. It's been too
long since I wrote this rule to recall off the top of my head how it's
processed. Take a look at the code and see how includes, excludes are
handled. There may be
on the multiproject I get target/classes.
That seems to be the opposite to what you have described?
/Lucas
On 04/08/2011 07:52 PM, Brian Fox wrote:
It's not a hack, the plugin asks maven core to resolve the artifacts and the
objects it gets back have file handles. In reactor builds with sibling
It's not a hack, the plugin asks maven core to resolve the artifacts and the
objects it gets back have file handles. In reactor builds with sibling
dependencies, those handles point to the sibling target folder. If you do a
compile reactor build, those handles will point to the /target/classes
The ip change is part of some networking and hosting upgrades that
we've undertaken to ensure the stability of the repository. We
actually have 4 systems now that could be serving Central at any given
time. There are 2 hosts in the UK and two virtual machines in the US
(served from a 6 node
mvn -N site-deploy
On Tue, Mar 1, 2011 at 4:50 PM, Brian Ferris bdfer...@gmail.com wrote:
I have a large multi-module project that I wish to build a site for using
Maven's site functionality. The trick is that I'd like to avoid building
the sub-module sites as well. Building the individuals
The Maven team is pleased to announce the 2.2 release of the Maven
Dependency Plugin:
http://maven.apache.org/plugins/maven-dependency-plugin
Release Notes - Maven 2.x Dependency Plugin - Version 2.2
** Bug
* [MDEP-138] - unpack of tar files fail with ArchiverException:
chmod exit code
you can also use the dependency plugin to copy/fetch files and strip
off the version.
On Wed, Feb 16, 2011 at 3:37 AM, Marc Rohlfs pomar...@googlemail.com wrote:
Another idea might be:
1. In Your Maven project, create a text file with the following content:
We are working on this already
--mobile
On Feb 11, 2011, at 8:34 PM, Benson Margulies bimargul...@gmail.com wrote:
I am hoping that some person who works at Sonatype will have pity on me.
People who work for Oracle seem to have strong feeling that they are
only supposed to deliver things to
What new features specifically?
On Fri, Feb 11, 2011 at 10:56 AM, Benson Margulies
bimargul...@gmail.com wrote:
Would there be any sympathy for a JIRA asking for a maven 2.2.x change
so that the new features of settings.xml (e.g. mirrors) would be
tolerated by maven 2? Since you all didn't
fyi, I'll try to cut the release this weekend.
On Thu, Feb 3, 2011 at 2:31 PM, Wayne Fay wayne...@gmail.com wrote:
Good news. I delved into this last week and came up with an even
better patch, and the developer Brian Fox just applied it!
Great job, Phillip. We need more people like you
Hi Craig, there's also release-disc...@apache.org to talk about
release processes specific to Apache.
On Tue, Feb 1, 2011 at 5:54 PM, Craig L Russell
craig.russ...@oracle.com wrote:
Thanks Kalle, looks like the right level for me to master before I ask more
detailed questions.
Craig
On Feb
AIRN is requiring that Contegix renumber our machines in the UK so
tonight one of them will change and tomorrow the other will change. As
always, you should address them using http://uk.maven.org to allow
failover but I know occasionally people have to poke holes in their
firewalls based on ip.
i don't think the classpath is filtered based on those values in this
goal, it just dumps the actual classpath that would match the desired
scope.
On Mon, Jan 17, 2011 at 10:52 AM, John Anderson dayt...@comcast.net wrote:
I am trying to use dependency:build-classpath. If I run mvn
so good at answering questions ;-)
Welcome Wayne!
--Brian Fox
Apache Maven PMC Chair
-
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
The 500 is an internal error on the Nexus side. We'll need to see your
Nexus logs to see what happened. You should send those to the nexus
user list for a quicker answer.
On Fri, Jan 14, 2011 at 9:01 AM, martib bruno.ma...@evard.ch wrote:
I'm facing a problem under M3.0.2 or 3.0.1 with Nexus
Don't use RELEASE or LATEST.
On Fri, Dec 17, 2010 at 7:43 AM, Asmann, Roland roland.asm...@adesso.at wrote:
Hi all,
I'm writing an enforcer-rule, that should check if my parent is the
LATEST version. How can I get the actual version for 'LATEST'?
Thanks!
--
Roland Asmann
Senior Software
You shouldn't mix unique and non-unique versions of the same snapshot artifact
--mobile
On Dec 6, 2010, at 5:22 PM, KARR, DAVID (ATTSI) dk0...@att.com wrote:
If I have an artifact with version n.n.n-SNAPSHOT in my user repo
and the same artifact with version n.n.n-SNAPSHOT in the local nexus
dependency:copy-dependencies sounds like what you want.
On Fri, Dec 3, 2010 at 7:41 AM, amaresh mourya amaresh.mou...@gmail.com wrote:
Hi,
dependencyManagement
dependencies
!-- Internal project dependencies --
dependency
groupId${project.groupId}/groupId
We do a little bit of sleuthing when resolving these types of issues
to make sure the file hasn't been changed, which is why automatic
correction isn't implemented. We are working on process to ensure that
no new things come in this way. It can only happen today via the old
rsync mechanisms and
Soon. I resolved a ton of issues at ApacheCon and just ran out of time
to wrap it up. I'll be getting back to it in the next week or so.
On Wed, Dec 1, 2010 at 10:19 PM, Dan Tran dant...@gmail.com wrote:
me too :-)
On Wed, Dec 1, 2010 at 10:04 AM, Jim McCaskey
jim.mccas...@pervasive.com
Repository.apache.org exposes nexus' rest interface
--mobile
On Dec 2, 2010, at 4:44 PM, Russ Tremain ru...@releasetools.org wrote:
anyone know of a web-service interface to any of the public maven artifact
lookup services?
tia,
-russ
Lets look at this closely:
On Mon, Nov 29, 2010 at 8:36 AM, Jon Strayer j...@strayer.org wrote:
On the 24th of November my reports build failed. The failure message is:
Unable to read local copy of metadata: Cannot read metadata from
mvn dependency:sources and/or mvn dependency:resolve
-Dclassifier=sources or -Dclassifier=javadoc
if you use m2eclipse, then it will get the sources/javadocs
automatically as needed.
On Sun, Nov 14, 2010 at 12:26 PM, piloupy GOTTAPIL pilo...@gmail.com wrote:
Hi,
I've search for nearly half a
We've just discovered a Google App Engine app called pomyard abusing
several repos. Based on the behavior and name of the service, I have
reason to believe they may be attempting to scrape public all maven
repos not just central, ignoring robots.txt. If you have a public
repo, I suggest you block
The Maven team is pleased to announce the release of the Maven
Enforcer Plugin, version 1.0
Maven Enforcer Plugin - The Loving Iron Fist of Maven™ The Enforcer
plugin provides goals to control certain environmental constraints
such as Maven version, JDK version and OS family along with many more
The use of the non-standard scopes is not currently a valid use case,
so I'd say it's flexmojos with the bug here. It may work for now but
who knows what those scopes could do to other tools.
On Fri, Nov 5, 2010 at 1:27 PM, Rafael Adson Barbosa Barros
mi...@rafaeladson.com wrote:
Hi,
I'm
If you happen to find yourself in Atlanta on Wed, Nov 3rd at 8pm, and
want to talk about Maven, come join the meetup. You can find details
and the signup page here:
http://na.apachecon.com/c/acna2010/schedule/meetups
-
To
I'll add comments but I don't think this is a bug.
On Mon, Oct 25, 2010 at 4:23 PM, Phillip Hellewell ssh...@gmail.com wrote:
On Mon, Oct 25, 2010 at 11:07 AM, Haszlakiewicz, Eric
ehas...@transunion.com wrote:
I was finally able to test this with the 2.2 release version, and it
fails for me
A simple scan of the release notes reveals this was introduced
intentionally by MASSEMBLY-464
On Mon, Oct 25, 2010 at 4:58 PM, Wendy Smoak wsm...@gmail.com wrote:
On Mon, Oct 25, 2010 at 1:07 PM, Haszlakiewicz, Eric
ehas...@transunion.com wrote:
-Original Message-
From: Wendy Smoak
That's not used anymore, you want this:
https://docs.sonatype.org/display/Repository/Uploading+3rd-party+Artifacts+to+Maven+Central
On Thu, Oct 21, 2010 at 5:55 PM, Stevo Slavić ssla...@gmail.com wrote:
Hello Apache Maven users,
On Maven Upload Request
As you know, Maven Central has become an increasingly important
resource for the development community at large. We've put several
efforts forward earlier this year to help improve the content As you
know, Maven Central has become an increasingly important resource for
the development community at
the site, couldn't find anything.
Thanks.
-Original Message-
From: Brian Fox [mailto:bri...@infinity.nu]
Sent: Friday, October 08, 2010 2:53 PM
To: Maven Users List
Subject: Re: maven 3.0
It's telling you the rule doesn't work in 3.x, that's the current
state. 3.x has similar
Perhaps some -X debug output would help track down where this comes
from. If it's coming from processing of a dependency's pom, then I
would say that you should file a bug report since warning about a pom
you can't control just makes this noise and will cause people to
ignore valid warnings.
On
1 - 100 of 453 matches
Mail list logo