You are viewing a plain text version of this content. The canonical link for it is here.

Posted to infrastructure-issues@apache.org by "Brian Demers (Closed) (JIRA)" <ji...@apache.org> on 2012/03/07 15:14:59 UTC

[jira] [Closed] (INFRA-4522) Nexus should check that pom metatdata agrees with the pom in the associated jar

     [ https://issues.apache.org/jira/browse/INFRA-4522?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Demers closed INFRA-4522.
-------------------------------

    Resolution: Unresolved

Feature request moved to:
https://issues.sonatype.org/browse/NEXUS-4936
                
> Nexus should check that pom metatdata agrees with the pom in the associated jar
> -------------------------------------------------------------------------------
>
>                 Key: INFRA-4522
>                 URL: https://issues.apache.org/jira/browse/INFRA-4522
>             Project: Infrastructure
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Nexus
>            Reporter: Sebb
>            Assignee: Brian Demers
>
> Where a pom describes a jar that contains a pom, Nexus should check that the metadata agrees.
> This would have prevented some projects from releasing renamed jars using incorrect Maven metadata.
> For example, the external metadata:
> <dependency>
>   <groupId>org.apache.solr</groupId>
>   <artifactId>solr-commons-csv</artifactId>
>   <version>3.5.0</version>
> </dependency>
> actually refers to 
>   <groupId>org.apache.commons</groupId>
>   <artifactId>commons-csv</artifactId>
>   <version>1.0-SNAPSHOT</version>
>  
> Ideally, there should also be some check of the package names for jars that don't have embedded POMs, as for example:
> <dependency>
>   <groupId>org.apache.solr</groupId>
>   <artifactId>solr-carrot2-core</artifactId>
>   <version>3.5.0</version>
> </dependency>
> which uses the org.carrot2 package name space - which is unlikely to be an ASF package name.
> However, this is tricky to do accurately, so should probably only generate a warning.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira