You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@maven.apache.org by Stephen Connolly <st...@gmail.com> on 2018/01/13 14:33:47 UTC

I think it’s time to push another core release...

1 weeks notice before I declare a code freeze.

If you want to identify release blockers reply here and i’ll assess how
long to hold up until they are fixed
-- 
Sent from my phone

Re: I think it’s time to push another core release...

Posted by Stephen Connolly <st...@gmail.com>.

On Sat 13 Jan 2018 at 20:50, Sylwester Lachiewicz <sl...@gmail.com>
wrote:

> I would like to add dependency upgrde for maven-resolver, as soon as we can
> have rel).
> for resolver there is improvment to concurrent download poms - can have
> positive impact on time.
> I would also upgrade dep for maven-pom to 30 (as other plugins and utils
> already had)
>
> I have more fixes not published yet becouse I saw no progress to merging
> other pull requests on Github yet.


I have limited time to work on Maven at present.

The time I do have is focused on:

* our use of Jenkins,
* trying to plan / spec Maven 5
* driving a semi-regular release cadence for core.

If fixes miss one release i’m happy to run another... at approx 6 weeks
minimum 3 months maximum time between releases.

Hopefully others can help you on the road to being able to merge your
changes yourself (and my reply here may drum up that help too ;-) )

- Stephen


>
> sylwester
>
> On Sat, 13 Jan 2018 at 18:43, Karl Heinz Marbaise <kh...@gmx.de>
> wrote:
>
> > Hi,
> >
> > I would like to see in 3.5.3 if there are no objections:
> >
> > * MNG-6298 3.5.2: ClassNotFoundException:
> > javax.annotation.security.RolesAllowed
> > * MNG-6312 Update Maven Wagon dependency (based on CVE-2015-6748
> > )
> >
> > * MNG-6326 Build continues when core extensions aren't found
> >     WDYT ?
> >
> > * MNG-6096
> >     I had the idea in mind to enhance the ComparableVersion
> >     (change only from private to public to make parts accessible)
> >     and enhance the implementation of DefaultArtifactVersion
> >     based on that to get the correct information
> >     from ComparableVersion which parses all the information
> >     and handling all the different cases.
> >     The same issue came up in versions-maven-plugin and
> >     build-helper-maven-plugin (where I removed the usage of
> >     DefaultArtifactVersion) to handle versions correctly
> >     and in the same way as in Maven itself.
> >     Maybe We can make a separate project to test
> >     different ideas...and postpone the deprecation
> >     to 3.6.X...
> >
> > Kind regars
> > Karl Heinz Marbaise
> >
> > [1]: https://issues.apache.org/jira/browse/MNG-6298
> > [2]: https://builds.apache.org/job/maven-wip/job/maven/job/MNG-6298/
> >
> > [3]: https://issues.apache.org/jira/browse/MNG-6312
> > [2]: https://builds.apache.org/job/maven-wip/job/maven/job/MNG-6312/
> >
> >
> > On 13/01/18 17:09, Robert Scholte wrote:
> > > +1
> > >
> > > 3.5.3 has one 9/10 closed, 1 is in progress[1]
> > >
> > > 3.5.3-candidate have a couple of issues with pull request, so let's
> > > verify those.
> > > (ps. I'd like to move MNG-6096 forward, since there's no clear
> > > explanation how DefaultArtifactVersion is replaced)
> > >
> > > 3.5-x-candidate[3] most seem to be dependency management related, don't
> > > think this will ever end up in a 3.5.x release.
> > >
> > > thanks,
> > > Robert
> > >
> > > [1] https://issues.apache.org/jira/projects/MNG/versions/12341428
> > >
> > > [2] https://issues.apache.org/jira/projects/MNG/versions/12338968
> > >
> > > [3] https://issues.apache.org/jira/projects/MNG/versions/12338965
> > >
> > > On Sat, 13 Jan 2018 15:33:47 +0100, Stephen Connolly
> > > <st...@gmail.com> wrote:
> > >
> > >> 1 weeks notice before I declare a code freeze.
> > >>
> > >> If you want to identify release blockers reply here and i’ll assess
> how
> > >> long to hold up until they are fixed
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> > > For additional commands, e-mail: dev-help@maven.apache.org
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> > For additional commands, e-mail: dev-help@maven.apache.org
> >
> >
>
-- 
Sent from my phone

Re: I think it’s time to push another core release...

Posted by Sylwester Lachiewicz <sl...@gmail.com>.

I would like to add dependency upgrde for maven-resolver, as soon as we can
have rel).
for resolver there is improvment to concurrent download poms - can have
positive impact on time.
I would also upgrade dep for maven-pom to 30 (as other plugins and utils
already had)

I have more fixes not published yet becouse I saw no progress to merging
other pull requests on Github yet.

sylwester

On Sat, 13 Jan 2018 at 18:43, Karl Heinz Marbaise <kh...@gmx.de> wrote:

> Hi,
>
> I would like to see in 3.5.3 if there are no objections:
>
> * MNG-6298 3.5.2: ClassNotFoundException:
> javax.annotation.security.RolesAllowed
> * MNG-6312 Update Maven Wagon dependency (based on CVE-2015-6748
> )
>
> * MNG-6326 Build continues when core extensions aren't found
>     WDYT ?
>
> * MNG-6096
>     I had the idea in mind to enhance the ComparableVersion
>     (change only from private to public to make parts accessible)
>     and enhance the implementation of DefaultArtifactVersion
>     based on that to get the correct information
>     from ComparableVersion which parses all the information
>     and handling all the different cases.
>     The same issue came up in versions-maven-plugin and
>     build-helper-maven-plugin (where I removed the usage of
>     DefaultArtifactVersion) to handle versions correctly
>     and in the same way as in Maven itself.
>     Maybe We can make a separate project to test
>     different ideas...and postpone the deprecation
>     to 3.6.X...
>
> Kind regars
> Karl Heinz Marbaise
>
> [1]: https://issues.apache.org/jira/browse/MNG-6298
> [2]: https://builds.apache.org/job/maven-wip/job/maven/job/MNG-6298/
>
> [3]: https://issues.apache.org/jira/browse/MNG-6312
> [2]: https://builds.apache.org/job/maven-wip/job/maven/job/MNG-6312/
>
>
> On 13/01/18 17:09, Robert Scholte wrote:
> > +1
> >
> > 3.5.3 has one 9/10 closed, 1 is in progress[1]
> >
> > 3.5.3-candidate have a couple of issues with pull request, so let's
> > verify those.
> > (ps. I'd like to move MNG-6096 forward, since there's no clear
> > explanation how DefaultArtifactVersion is replaced)
> >
> > 3.5-x-candidate[3] most seem to be dependency management related, don't
> > think this will ever end up in a 3.5.x release.
> >
> > thanks,
> > Robert
> >
> > [1] https://issues.apache.org/jira/projects/MNG/versions/12341428
> >
> > [2] https://issues.apache.org/jira/projects/MNG/versions/12338968
> >
> > [3] https://issues.apache.org/jira/projects/MNG/versions/12338965
> >
> > On Sat, 13 Jan 2018 15:33:47 +0100, Stephen Connolly
> > <st...@gmail.com> wrote:
> >
> >> 1 weeks notice before I declare a code freeze.
> >>
> >> If you want to identify release blockers reply here and i’ll assess how
> >> long to hold up until they are fixed
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> > For additional commands, e-mail: dev-help@maven.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>

Re: I think it’s time to push another core release...

Posted by Karl Heinz Marbaise <kh...@gmx.de>.

Hi,

I would like to see in 3.5.3 if there are no objections:

* MNG-6298 3.5.2: ClassNotFoundException: 
javax.annotation.security.RolesAllowed
* MNG-6312 Update Maven Wagon dependency (based on CVE-2015-6748
)

* MNG-6326 Build continues when core extensions aren't found
    WDYT ?

* MNG-6096
    I had the idea in mind to enhance the ComparableVersion
    (change only from private to public to make parts accessible)
    and enhance the implementation of DefaultArtifactVersion
    based on that to get the correct information
    from ComparableVersion which parses all the information
    and handling all the different cases.
    The same issue came up in versions-maven-plugin and
    build-helper-maven-plugin (where I removed the usage of
    DefaultArtifactVersion) to handle versions correctly
    and in the same way as in Maven itself.
    Maybe We can make a separate project to test
    different ideas...and postpone the deprecation
    to 3.6.X...

Kind regars
Karl Heinz Marbaise

[1]: https://issues.apache.org/jira/browse/MNG-6298
[2]: https://builds.apache.org/job/maven-wip/job/maven/job/MNG-6298/

[3]: https://issues.apache.org/jira/browse/MNG-6312
[2]: https://builds.apache.org/job/maven-wip/job/maven/job/MNG-6312/


On 13/01/18 17:09, Robert Scholte wrote:
> +1
> 
> 3.5.3 has one 9/10 closed, 1 is in progress[1]
> 
> 3.5.3-candidate have a couple of issues with pull request, so let's 
> verify those.
> (ps. I'd like to move MNG-6096 forward, since there's no clear 
> explanation how DefaultArtifactVersion is replaced)
> 
> 3.5-x-candidate[3] most seem to be dependency management related, don't 
> think this will ever end up in a 3.5.x release.
> 
> thanks,
> Robert
> 
> [1] https://issues.apache.org/jira/projects/MNG/versions/12341428
> 
> [2] https://issues.apache.org/jira/projects/MNG/versions/12338968
> 
> [3] https://issues.apache.org/jira/projects/MNG/versions/12338965
> 
> On Sat, 13 Jan 2018 15:33:47 +0100, Stephen Connolly 
> <st...@gmail.com> wrote:
> 
>> 1 weeks notice before I declare a code freeze.
>>
>> If you want to identify release blockers reply here and i’ll assess how
>> long to hold up until they are fixed
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org

Re:I think it’s time to push another core release...

Posted by Robert Scholte <rf...@apache.org>.

+1

3.5.3 has one 9/10 closed, 1 is in progress[1]

3.5.3-candidate have a couple of issues with pull request, so let's verify  
those.
(ps. I'd like to move MNG-6096 forward, since there's no clear explanation  
how DefaultArtifactVersion is replaced)

3.5-x-candidate[3] most seem to be dependency management related, don't  
think this will ever end up in a 3.5.x release.

thanks,
Robert

[1] https://issues.apache.org/jira/projects/MNG/versions/12341428

[2] https://issues.apache.org/jira/projects/MNG/versions/12338968

[3] https://issues.apache.org/jira/projects/MNG/versions/12338965

On Sat, 13 Jan 2018 15:33:47 +0100, Stephen Connolly  
<st...@gmail.com> wrote:

> 1 weeks notice before I declare a code freeze.
>
> If you want to identify release blockers reply here and i’ll assess how
> long to hold up until they are fixed

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org