s for this release), given
> there is no relocation pom published for ant:ant:1.8.0, only for
> ant:ant:1.7.0
>
> Regards,
>
> Hervé
>
> Le mercredi 19 février 2020, 16:48:38 CET Jonathan Valliere a écrit :
> > Maybe we need to rework how this functionality works.
Maybe we need to rework how this functionality works. It should be
essentially a symlink with a warning message within the resolver so they
both resolve to the same artifact.
On Wed, Feb 19, 2020 at 8:58 AM Anders Hammar wrote:
> In real practice it doesn't work well though, as someone already
Feb 15, 2020 at 10:55 AM Jonathan Valliere
> wrote:
> >
> > How would changing the GroupID cause diamond dependencies? The builds
> > would just fail everywhere until the GroupID is updated in the pom files.
>
> No, they wouldn't. What happens is two artifacts get add
our security posture.
>
> On Thu, Feb 13, 2020 at 10:28 PM Jonathan Valliere
> wrote:
> >
> > Is there any kind of planned timeline to force compliance against old
> > projects?
> >
> > For example:
> >
> >- Force compliance
> >- Provid
Christian,
Those references are amazing and prove my point about the need to improve
the process to prevent imposters and other types of name collisions.
On Fri, Feb 14, 2020 at 1:35 AM Christian Stein wrote:
> On Fri, Feb 14, 2020 at 6:37 AM Manfred Moser
> wrote:
>
> > From the very start o
hen the world is nicely organized (groupId/artifactId),
> there
> > seems little to win here (and a lot to loose).
> >
> > Best regards, Sander.
> >
> >
> >
> > Sander Verhagen
> > [ san...@sanderverhagen.net<mailto:san...@sanderverhagen.net
ide.html
>
> https://central.sonatype.org/pages/requirements.html#correct-coordinates
>
> And the videos linked on the site in which I explain more as well.
>
> Manfred
>
>
> Jonathan Valliere wrote on 2020-02-13 17:06 (GMT -08:00):
>
> > I have been growing concerned about
I have been growing concerned about the process of allowing the creation of
GroupIDs, within the Maven Central repository, which do not adhere to the
naming guidelines. i.e. the GroupID must belong to a unique domain name
controlled by the project owner.
Even within the Apache family, there is no
