You are viewing a plain text version of this content. The canonical link for it is here.
Posted to infrastructure-issues@apache.org by "Brian Demers (Closed) (JIRA)" <ji...@apache.org> on 2012/03/07 15:14:59 UTC
[jira] [Closed] (INFRA-4522) Nexus should check that pom metatdata
agrees with the pom in the associated jar
[ https://issues.apache.org/jira/browse/INFRA-4522?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Demers closed INFRA-4522.
-------------------------------
Resolution: Unresolved
Feature request moved to:
https://issues.sonatype.org/browse/NEXUS-4936
> Nexus should check that pom metatdata agrees with the pom in the associated jar
> -------------------------------------------------------------------------------
>
> Key: INFRA-4522
> URL: https://issues.apache.org/jira/browse/INFRA-4522
> Project: Infrastructure
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Nexus
> Reporter: Sebb
> Assignee: Brian Demers
>
> Where a pom describes a jar that contains a pom, Nexus should check that the metadata agrees.
> This would have prevented some projects from releasing renamed jars using incorrect Maven metadata.
> For example, the external metadata:
> <dependency>
> <groupId>org.apache.solr</groupId>
> <artifactId>solr-commons-csv</artifactId>
> <version>3.5.0</version>
> </dependency>
> actually refers to
> <groupId>org.apache.commons</groupId>
> <artifactId>commons-csv</artifactId>
> <version>1.0-SNAPSHOT</version>
>
> Ideally, there should also be some check of the package names for jars that don't have embedded POMs, as for example:
> <dependency>
> <groupId>org.apache.solr</groupId>
> <artifactId>solr-carrot2-core</artifactId>
> <version>3.5.0</version>
> </dependency>
> which uses the org.carrot2 package name space - which is unlikely to be an ASF package name.
> However, this is tricky to do accurately, so should probably only generate a warning.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira