Or should we just require users to build w: -Dossindex.fail=false On Tue, Oct 29, 2019 at 11:38 AM Tim Allison <talli...@apache.org> wrote:
> All, > Now that we are using the ossindex-maven-plugin, there's an annoying > feature for folks trying to build earlier releases...namely they can't if a > new vulnerability has crept in since we made the release. > Is there a elegant way to handle this? My knuckle-dragger idea would be > to set it to "warn" for the tagged release as part of the release process, > and then turn it back to "fail the build" for our working branches. > Any better ideas? > > Cheers, > > Tim >
