You are crearting jar hell by reusing the Apache package names under different Maven coordinates. Not a good idea IMO.
Gary On Wed, Apr 20, 2022, 15:27 Melloware <melloware...@gmail.com> wrote: > I did not the package names are the same I did this because I had > multiple clients complaining about Commons Beantutils 1.9.4 security > vulnerabilities and needed a public version of the code so it could be > scanned. Whenever the REAL BeanUtils2 is ever released to Maven Central > my clients can simply change their pom.xml back to org.apache versions > and they are a drop in. > > > On 4/20/2022 2:26 PM, sebb wrote: > > On Wed, 20 Apr 2022 at 18:54, Melloware <melloware...@gmail.com> wrote: > >> And and I have forked it and deployed to Maven Central > >> > >> <dependency> > >> <groupId>com.melloware</groupId> > >> <artifactId>commons-beanutils2</artifactId> > >> <version>2.0.0</version> > >> </dependency> > >> > > Did you change the package names? > > > > If not, there will be problems in the future if a project depends on > > both via different dependencies. > > > >> On 4/20/2022 10:12 AM, Xeno Amess wrote: > >>> Well I wonder should we give melloware (https://github.com/melloware) > a > >>> committer permission. > >>> > >>> Since: > >>> > >>> 1. he has quite some experience here, not a fresh hand. > >>> > >>> 2. he has ability to write/review good codes.(already several thousands > >>> lines in common-beanutils). > >>> > >>> 3. he has enough time and interest to refine beanutils. (This is the > most > >>> important, as it seems no committers want to develop beanutils...) > >>> > >>> Any thoughts? > >>> > >>> Gary Gregory <garydgreg...@gmail.com> 于2022年4月20日周三 21:00写道: > >>> > >>>> There isn't one; we are all volunteers here ;-) > >>>> > >>>> There is probably clean up to do, PRs, Jiras, releasing and synching > with > >>>> Commons Collections 4.5 first (probably). > >>>> > >>>> Gary > >>>> > >>>> On Wed, Apr 20, 2022, 07:21 Martin Aldrin > >>>> <martin.ald...@ericsson.com.invalid> wrote: > >>>> > >>>>> Hi, > >>>>> > >>>>> I wonder what the time plan for release of beanutils2 is. > >>>>> > >>>>> > >>>>> /Martin > >>>>> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > >> For additional commands, e-mail: dev-h...@commons.apache.org > >> > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
