You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (Jira)" <ji...@apache.org> on 2021/02/22 12:47:00 UTC

[jira] [Created] (OFBIZ-12186) Dependency verification

Jacques Le Roux created OFBIZ-12186:
---------------------------------------

             Summary: Dependency verification 
                 Key: OFBIZ-12186
                 URL: https://issues.apache.org/jira/browse/OFBIZ-12186
             Project: OFBiz
          Issue Type: Sub-task
          Components: Gradle
    Affects Versions: Trunk
            Reporter: Jacques Le Roux


I posted a related message in dev ML: https://markmail.org/message/55r5ycn2wrbotnbn:

{quote}
Hi,

I just read a members thread about this article: https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610

One member mentioned that the Groovy project is using the Gradle's dependency verification feature\[1] in the Apache Groovy build.

I suggest we do the same, even after the move from JCenter to MavenCentral where things should be safer.

What do you think?

\[1] https://docs.gradle.org/current/userguide/dependency_verification.html 

Jacques
{quote}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)