Re: Multi-repo experience

2023-08-31 Thread Tamás Cservenák
Or, ultimately, just release a BOM with all the related versions. And tie this BOM version release to the most frequent release, and adjust as needed.

T

On Thu, Aug 31, 2023 at 11:27 PM Tamás Cservenák wrote:
> Mostly what matters is the release cadence (that is somewhat in line with
> "what wo

Re: Multi-repo experience

2023-08-31 Thread Tamás Cservenák
Mostly what matters is the release cadence (that is somewhat in line with "what works with what"). Rule of thumb: if you have an artifact that SHOULD be released when another is released, keep it together. Otherwise, no need to tie them together (disclaimer: yes, there is all the client side pain,

Re: Multi-repo experience

2023-08-31 Thread Volkan Yazıcı
*[Sorry for the late response. I was busy with incorporating your input into the attack plan document.]* Thanks so much for the pointers and the insight Hervé (and Romain!), much appreciated! For those interested, Log4j's motivation and proposals are shared in this `dev@logging` thread

Re: CVE-2021-26291 for plugin writers

2023-08-31 Thread Hervé Boutemy
in fact, whatever you do in your plugin POM, they are provided by Maven core at runtime (ignoring the precise version the plugin asked for) but marking them provided in your plugin pom.xml makes this fact more visible

Regards,

Hervé

On Thursday, 31 August 2023, 03:15:15 CEST, Jeremy Landis wrote: