You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@maven.apache.org by Martin Desruisseaux <ma...@geomatys.com> on 2016/03/04 13:01:38 UTC
Does Maven Central has a mechanism for avoiding inappropriate package
names?
Hello all
Do we have a mechanism (e.g. notification by email) for watching if an
artifact staged for deployment at Maven Central contains classes in
packages of another project? More specifically, the "opengis.org" domain
name is owned by the Open Geospatial Consortium (OGC). This organization
defines interfaces under "org.opengis." packages, which are deployed on
Maven Central. Those interfaces were defined through a formal
standardization process. But I'm aware of a project (not an Apache one)
who created their own fork of "org.opengis." interfaces without
discussion with OGC and without renaming packages, and would like to
deploy to Maven Central. We already raised this issue with them, but I
would still like to be notified before someone try to publish classes in
"org.opengis." packages on Maven Central. Is it possible?
Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: Does Maven Central has a mechanism for avoiding inappropriate package names?
Posted by Manfred Moser <ma...@simpligility.com>.
It is theoretically possible to include this in the staging rules used in OSSRH and other pipelines.
However.. it would be against many valid use cases to enforce that.
E.g.
- fork a project to improve or fix but continue using the same package so that downstream usage is possible as replacement with a few bug fixes and improvements in place
- create an uber jar or an assembly that includes all the used libraries as an attached artifact
So to be honest... I very much doubt an enforcement like that will ever happen.
Everybody deploying to central only has access to their own namespace (via groupId (path) being validated)..
However.. this does not prevent you from taking other, potentially legal step. Although I would ask if its worth bothering...
Manfred
Martin Desruisseaux wrote on 2016-03-04 04:01:
> Hello all
>
> Do we have a mechanism (e.g. notification by email) for watching if an
> artifact staged for deployment at Maven Central contains classes in
> packages of another project? More specifically, the "opengis.org" domain
> name is owned by the Open Geospatial Consortium (OGC). This organization
> defines interfaces under "org.opengis." packages, which are deployed on
> Maven Central. Those interfaces were defined through a formal
> standardization process. But I'm aware of a project (not an Apache one)
> who created their own fork of "org.opengis." interfaces without
> discussion with OGC and without renaming packages, and would like to
> deploy to Maven Central. We already raised this issue with them, but I
> would still like to be notified before someone try to publish classes in
> "org.opengis." packages on Maven Central. Is it possible?
>
> Martin
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org