Re: [DISCUSS] Branch Protection Rules

2025-08-01 Thread Piotr P. Karwasz
Hi Hervé, On 30.07.2025 19:02, Hervé Boutemy wrote: > for "Require at least 1 reviewer for approval before merging", IIUC it > combines 2 steps: > - reject direct commits to maintenance branches: require use of PR + merge > - and PR requires more than self review > > I'm not absolutely against,

Re: [DISCUSS] Branch Protection Rules

2025-07-31 Thread Piotr P. Karwasz
Hi Maarten, On 30.07.2025 21:45, Maarten Mulders wrote: > I'm curious, since we have bidirectional sync between GitHub and the > Apache Gitbox. How effective would these measures be? Could one (a > malevolent actor) perform a force-push against a branch on the Gitbox > which would then nevertheles

Re: [DISCUSS] Maveniverse: the fruits are ripe

2025-07-22 Thread Piotr P. Karwasz
Hi Tamás, On 22.07.2025 at 11:22, you wrote: Mimir - is currently an extension and provides global cache (solves same problem as split repository, but is not as invasive and is hence, fully compatible even in Maven3 land). It can be made part of resolver and could be always present (and configur

Re: Proposal: Enhance code quality checks with OpenRewrite in addition to Spotless/Checkstyle

2025-05-16 Thread Piotr P. Karwasz
Hi, On 16.05.2025 22:48, Piotr Żygieło wrote: > On Fri, 16 May 2025 at 22:37, Henning Schmiedehausen > wrote: >> Frankly, posting with a mail address of "me.com.invalid" makes me press > > schmiedehausen.org.invalid > > (https://lists.apache.org/api/source.lua?id=kf906zch8lho65q70s92gnw2p1wbt3o

Re: Proposal: Enhance code quality checks with OpenRewrite in addition to Spotless/Checkstyle

2025-05-16 Thread Piotr P. Karwasz
Hi all, In Log4j we have used OpenRewrite to fix several inconsistencies between our 2.x and 3.x branches and to remove Java 8 patterns from our Java 17 code. I can sincerely recommend it. While it is still work in progress, our migration guide from Log4j 1 to Log4j 2 will contain OpenRewrite rec

Re: [RESULT][VOTE] Require Java 21 for Maven 4 (Rephrased Vote)

2025-05-04 Thread Piotr P. Karwasz
Hi Matthias, On 4.05.2025 08:57, Matthias Bünger wrote: But due to the high number of negative votes and brought up arguments, I don't think we should ignore them but take them into consideration for the benefit of the Maven community. Therefore I call the vote to be non successful. We can reeval

Re: [VOTE] Require Java 21 for Maven 4 (Rephrased Vote)

2025-05-01 Thread Piotr P. Karwasz
Hi, On 30.04.2025 15:12, Matthias Bünger wrote: In a chat with several PMC, committers and contributors nobody saw strong disadvantages on this. Therefore, I want to start the official vote to set the minimal Java bytecode target of Maven-Core 4 to 21, meaning Java 21 is required for Maven 4.

Re: [DISCUSS] Publishing to Central + Maveniverse Njord

2025-05-01 Thread Piotr P. Karwasz
Hi Jeremy, On 30.04.2025 18:26, Jeremy Landis wrote: Because on a physical release, the deploy plugin is taken over by the central publishing extension and cyclonedx relies on deploy, this flag was necessary `false` for cyclonedx to deploy during release. The CycloneDX Maven Plugin is not t

Re: Status of JPMS support in compiler plugin

2025-04-01 Thread Piotr P. Karwasz
Hi Martin, On 1.04.2025 11:03, Martin Desruisseaux wrote: On 2025-04-01 at 10:49, Piotr P. Karwasz wrote: The https://github.com/nipafx/module-tooling/ repo seems to be private. Is there any public place to follow the discussion? Not as far as I know. The initiator of this discussion

Re: Status of JPMS support in compiler plugin

2025-04-01 Thread Piotr P. Karwasz
Hi Martin, On 1.04.2025 10:17, Martin Desruisseaux wrote: I am also afraid that such a structure will really break IDEs: Eclipse already breaks if there is a separate module descriptor for tests, putting multiple JPMS modules in the same Maven Project will probably also break IDEA. Yes, it w

Re: Status of JPMS support in compiler plugin

2025-03-31 Thread Piotr P. Karwasz
Hi Martin, On 31.03.2025 19:40, Martin Desruisseaux wrote: JPMS support in the compiler plugin (not yet merged) has reached a point where it can be used on some real projects. The Maven 3 way to make a modular project is still supported, but the proposed alternative for better use of JPMS is d

Re: Idea - allow pom to specify expected version for all dependencies in a common single groupId

2025-03-29 Thread Piotr P. Karwasz
Hi, On 27.03.2025 17:44, Bear Giles wrote: This makes it easy to update your dependencies - single point of truth - but it doesn't necessarily apply to transient dependencies. This is especially common if the transient dependency is resolved first since (iirc) it will default to its own version

Re: Idea - allow pom to specify expected version for all dependencies in a common single groupId

2025-03-29 Thread Piotr P. Karwasz
Hi, On 29.03.2025 14:20, Enrico Olivelli wrote: libraries that publish many artifacts that are meant to be used all with the same version publish a BOM (Bill of Materials) and then you import it in the dependencyManagement section Like this: https://github.com/FasterXML/jackson-bom For comple

Maven 4 equivalents of `api` and `implementation` dependencies

2025-03-07 Thread Piotr P. Karwasz
Hi all, While I do like the simple rules of Maven 3 scopes[1], I often lack the flexibility that Gradle's `api` and `implementation`[2] configurations provide. With the separation of build and consumer POMs it should probably be easy to have some `compile` dependencies in the build POM be

Re: Semver compatible versioning

2025-02-28 Thread Piotr P. Karwasz
Hi, On 28.02.2025 20:07, Matthias Bünger wrote: and we loosely follow / recommend SemVer 1.0.0 https://maven.apache.org/guides/mini/guide-naming-conventions.html and there (https://semver.org/spec/v1.0.0.html) it's listed >> A pre-release version number MAY be denoted by appending an arbitrar

Semver compatible versioning

2025-02-28 Thread Piotr P. Karwasz
Hi, I saw that more and more Maven plugins are releasing 4.x betas, which sounds like great news. Might I, however, suggest the usage of pre-release qualifiers of the form `beta.` (with a dot) instead of `beta-` (with a hyphen)? This would improve compatibility between Maven ordering and the

Re: Discussion: Declare EOL for Maven 3.8.x and change support policy

2025-02-23 Thread Piotr P. Karwasz
Hi Gary, On 23.02.2025 22:27, Gary Gregory wrote: On Sun, Feb 23, 2025, 15:00 Piotr P. Karwasz wrote: Regarding Maven dependencies, did you notice that Maven 3.9.x: * depends on `maven-resolver-transport-http` version 1.9.x (supported), * which depends on HttpClient 4.5 (supported

Re: Discussion: Declare EOL for Maven 3.8.x and change support policy

2025-02-23 Thread Piotr P. Karwasz
Hi Gary, On 23.02.2025 16:24, Gary Gregory wrote: FWIW, a policy I would consider OK is something like "we support A and B actively and would only consider a release of C for a severe security CVE, but D is EOL and OB to further releases." Yes, it would be nice to have a well-defined set of le

Re: Thought: apply jsr305(nullable,notnull) to maven?

2025-02-11 Thread Piotr P. Karwasz
Hi Xeno, On 11.02.2025 05:35, Xeno Amess wrote: during recently learning about maven and maven-resolver, sometimes I really think it better to have nullable/notnull annotations... Why not use JSpecify[1] instead? It is not perfect (e.g. there is no official list of tools that support it[2]),

Re: thought: allow exclude dependencies from parent in maven4?

2025-01-19 Thread Piotr P. Karwasz
Hi Xeno, On 20.01.2025 05:01, Xeno Amess wrote: org.apache.maven.plugins maven-plugin-plugin it can pass xsd check(maven-4.0.0.xsd), using dom4

Re: Future of palantir / spotless in Maven

2024-12-29 Thread Piotr P. Karwasz
Hi Benjamin, On 21.12.2024 13:48, Benjamin Marwell wrote: Hi Piotr, any news on this? You said you reached out to your palantir contacts? The least they could do is to give access to some more devs... Sorry for the delay, I have relaunched my request for info on the project status. Piotr

Re: autorun spotless

2024-11-29 Thread Piotr P. Karwasz
Hi Elliotte, On 29.11.2024 13:27, Elliotte Rusty Harold wrote: We should do that too in our poms to avoid the recurring and annoying problems of forgetting to run spotless manually and consequently having a meaningless break in the CI that needs to be investigated. Integrated over all of us this

Re: Future of palantir / spotless in Maven

2024-11-29 Thread Piotr P. Karwasz
Hi Benjamin, On 28.11.2024 20:31, Benjamin Marwell wrote: I was not able to reach out to the maintainer. What should we do about it? I have reached out to my Palantir contacts to see what is going on with that project. Input is appreciated. I found palantir/spotless very valuable and I would

Re: Working on maven-changes-plugin 3.0.0

2024-11-22 Thread Piotr P. Karwasz
Hi Sławek, On 22.11.2024 08:33, Slawomir Jaranowski wrote: I'm working on maven-changes-plugin - this project hasn't been released for a long time, so it is time to refresh it and release it. I need to make changes in schema - the newer version of modello doesn't support mixed tags - tags with

Maven profiles and dependency resolution

2023-12-15 Thread Piotr P. Karwasz
Hello, While looking at differences in generated CycloneDX SBOMs[1] I stumbled upon an incoherence in the way Maven builds models of a project's dependencies. On one hand the properties defined in a project have no effect on the effective models of dependencies. For example in: 3.0.0-beta1

Re: And while I'm on the subject of logging

2023-02-21 Thread Piotr P. Karwasz
Hi Elliotte, On Mon, 20 Feb 2023 at 19:51, Elliotte Rusty Harold wrote: > I don't believe anyone reads most of these messages most of the time. > In fact, I'd venture that well more than 99% of them are never read by > anyone. Some people started reading these after Log4Shell. On StackOverflow q

Re: Reproducible builds between OSes

2023-02-12 Thread Piotr P. Karwasz
Hi Elliotte, On Sat, 11 Feb 2023 at 14:02, Elliotte Rusty Harold wrote: > IMHO in 2023 the problem is that anything relies on a system dependent > line.separator instead of explicitly specifying which bytes are > output. I've fixed some instances of that antipattern over the years. > Please file

Re: Reproducible builds between OSes

2023-02-10 Thread Piotr P. Karwasz
Hi Romain, On Fri, 10 Feb 2023 at 21:19, Romain Manni-Bucau wrote: > Will likely not work until done on the jvm with line.separator system prop > directly due to a lot of things or means you limit the plugins you use a > lot so I think jvm.config is the way to go or you hack wrapper committed > la

Reproducible builds between OSes

2023-02-10 Thread Piotr P. Karwasz
Hi, At Log4j we have solved all the reproducibility problems mentioned on the wiki page[1] and we are approaching the problem of reproducibility between different OSes. My goal is for the following procedure to work regardless of the operating system of the user: 1. a user checks out a tagged re