TL;DR: Is there a way, and what is the correct one if there is, to prevent a package being downloaded from a particular repository (or lock it to being downloaded from a particular one, though I thought the answer to that one is "no")?
LR: Maven 3.8.6, JDK 1.8. I've run into this strange problem with com.github.jsonld-java:jsonld-java:0.13.4 The package includes fine as a dependency if it is downloaded from Maven Central: pom.xml: https://pastebin.com/qev5Udp2 Build output: https://pastebin.com/MzUVqWLt (pending moderation, LMK if you want me to attach that) The package fails to download as a dependency if it is downloaded from JitPack: pom.xml: https://pastebin.com/7L2rEWPz Build output: https://pastebin.com/U3StAtMZ AFAIU, there are two things that are "wrong" in this entire thing: a) Developer declared packaging as "bundle" (I'm not entirely sure that's wrong, but I don't see a reason for them to have done so, and it seems to be a contributing factor) b) JitPack/somebody republished the dependency as a virtual package that depends on itself, and broke this entirely. But what I don't understand is why the Maven's behavior is different in these two cases. NOT WORKING CASE: The package is found on JitPack, Maven is asked to get com.github.jsonld-java:jsonld-java:0.13.4 of type "bundle" by an explicit dependency statement. There is no such downloadable binary, so the entire process fails. WORKING CASE: The package is found on Central, Maven is asked to get com.github.jsonld-java:jsonld-java:0.13.4, without packaging specification. The packaging specification in the POM is "bundle". But Maven is satisfied with just downloading the JAR Few questions: - How come Maven is OK creating/uploading a package with "bundle" packaging, but without a "bundle" file? - How does Maven decide to download the .jar when the packaging says "bundle" in the POM, and is satisfied with that? - Is there a way to find out who published a package on JitPack, to get them to fix it? The developer didn't do that, that was done without their consent and/or them being made aware of it Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
