Posted to dev@tika.apache.org by "Tim Allison (Jira)" <ji...@apache.org> on 2022/01/17 20:48:00 UTC

[jira] [Comment Edited] (TIKA-3648) Fail build if ossindex-maven-plugin violation is detected

    [ https://issues.apache.org/jira/browse/TIKA-3648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17477407#comment-17477407 ] 

Tim Allison edited comment on TIKA-3648 at 1/17/22, 8:47 PM:
-------------------------------------------------------------

We used to do this.  It was a pain for folks trying to build earlier tags locally.  See TIKA-2980 and TIKA-2887, and I think a couple of emails on user@ or dev@.

The build can also break during the release process, which is less than entirely fun.

I've documented in the Tika release notes that the release manager should turn it on to ensure a clean build at the point in time right before running the release.

I'm not -1 on this.  I'm willing to give it a try again, but I did want to document that we used to do this and made the choice to turn it off.


was (Author: tallison@mitre.org):
We used to do this.  It was a pain for folks trying to build earlier tags locally.  See TIKA-2980.

The build can also break during the release process, which is less than entirely fun.

I've documented in the Tika release notes that the release manager should turn it on to ensure a clean build at the point in time right before running the release.

I'm not -1 on this.  I'm willing to give it a try again, but I did want to document that we used to do this and made the choice to turn it off.

> Fail build if ossindex-maven-plugin violation is detected
> ---------------------------------------------------------
>
>                 Key: TIKA-3648
>                 URL: https://issues.apache.org/jira/browse/TIKA-3648
>             Project: Tika
>          Issue Type: Improvement
>          Components: build, security
>    Affects Versions: 2.2.1
>            Reporter: Lewis John McGibbney
>            Assignee: Lewis John McGibbney
>            Priority: Critical
>             Fix For: 2.2.2
>
>
> The ossindex-maven-plugin can really assist us in detecting and preventing security vulnerabilities and also mitigating associated risk and exposure.
> I propose to fail the build if ossindex-maven-plugin violation is detected
> https://github.com/apache/tika/blob/main/tika-parent/pom.xml#L639


