[
https://issues.apache.org/jira/browse/MNG-7052?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17290776#comment-17290776
]
Herve Boutemy edited comment on MNG-7052 at 2/25/21, 8:48 AM:
--------------------------------------------------------------
jumping in because I was hit by MNG-7051 changing rules *for profile ids*,
reusing the same "validateId" method that existed before
I think that profile ids are another beast than other ids (which are used to
validate artifactid, groupid, etc...)
profile ids should be checked against invalid first character like + and -,
then let them quite free
and for other ids, if we want to change the checks, we should list what is
checked precisely, and define the benefit of breaking things now, after near 20
years of artifactids, groupids, and I don't know where we currently check with
"validateId"
I really think we are conflating 2 completely separate issues:
1. issue created by checking profile id in MNG-7051, which they were not
checked before
2. an idea to make existing checks against ids more strict: I don't know if
there are concrete cases of people doing dumb choices, and I don't know which
ids it covers = what has to be defined first (= currently what calls
https://github.com/apache/maven/blob/master/maven-model-builder/src/main/java/org/apache/maven/model/validation/DefaultModelValidator.java
, but maybe someone will want to check more thatn what is currently checked,
when I see ides about checking Modello id)
was (Author: hboutemy):
jumping in because I was hit by MNG-7051 changing rules *for profile ids*,
reusing the same "validateId" method that existed before
I think that profile ids are another beast than other ids (which are used to
validate artifactid, groupid, etc...)
profile ids should be checked against invalid first character like + and -,
then let them quite free
and for other ids, if we want to change the checks, we should list what is
checked precisely, and define the benefit of breaking things now, after near 20
years of artifactids, groupids, and I don't know where we currently check with
"validateId"
I really think we are conflating 2 completely separate issues:
1. issue created by checking profile id in MNG-7051, which they were not
checked before
2. an idea to make existing checks against ids more strict: I don't know if
there are concrete cases of people doing dumb choices, and I don't know which
ids it covers = what has to be defined first
> Do not allow symbols as first character of identifiers in the POM
> -----------------------------------------------------------------
>
> Key: MNG-7052
> URL: https://issues.apache.org/jira/browse/MNG-7052
> Project: Maven
> Issue Type: Improvement
> Components: core
> Reporter: Martin Kanters
> Priority: Major
> Labels: up-for-grabs
> Fix For: 4.0.x-candidate
>
>
> In the {{DefaultModelValidator}} we currently validate identifiers against
> {{a-zA-Z0-9-_.}}
> Since Maven also allows operators to be used against an identifier, this can
> result in bugs or at least unexpected behavior for the user.
> The minus operator can be used to deactivate a certain profile, so an example
> would be:
> - A project having a profile with the id {{-id-of-profile}}
> - A Maven invocation of {{mvn <goal> -P-id-of-profile}}.
> The release of Maven 4 is a nice opportunity to restrict the first character
> of an id to be {{a-zA-Z0-9}} . The other characters may still consist of
> those symbols.
> This should apply to all identifiers that we support. The methods that need
> attention are:
> {{DefaultModelValidator#validateId}} and
> {{DefaultModelValidator#validateIdWithWildcards}}.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
