Casey Brooks
02/03/2021, 5:17 PMtddmonkey
02/03/2021, 5:23 PMJurriaan Mous
02/03/2021, 5:26 PMaltavir
02/03/2021, 5:29 PMRobert Jaros
02/03/2021, 5:30 PMaltavir
02/03/2021, 5:30 PMCasey Brooks
02/03/2021, 5:31 PMJurriaan Mous
02/03/2021, 5:33 PMaltavir
02/03/2021, 5:34 PMVampire
02/03/2021, 5:47 PMCasey Brooks
02/03/2021, 5:48 PMjlleitschuh
02/03/2021, 5:50 PMVampire
02/03/2021, 5:51 PMcom.github.<user>
libraries published on Maven Centralaltavir
02/03/2021, 5:52 PMVampire
02/03/2021, 5:53 PMcom.github.whatever
also don't own that domainaltavir
02/03/2021, 5:54 PMCasey Brooks
02/03/2021, 5:55 PMyou must choose a groupId for a domain that you own, or for which you are the designated maintainer on behalf of the ownerhttps://central.sonatype.org/pages/producers.html#individual-projects-open-source-software-repository-hosting-ossrh
jlleitschuh
02/03/2021, 5:56 PMCasey Brooks
02/03/2021, 5:56 PMio.github.whatever
groupId. It’s long, ugly, and would be a breaking change for the consumers of the dependency if it wasn’t using that alreadyVampire
02/03/2021, 6:00 PMLeoColman
02/03/2021, 6:02 PMVampire
02/03/2021, 6:03 PMVersions submited to Maven Central can never be replaced thoWhich usually is a good thing imho 🙂
LeoColman
02/03/2021, 6:05 PMmagnumrocha
02/03/2021, 6:17 PMaltavir
02/03/2021, 6:19 PMmagnumrocha
02/03/2021, 6:21 PMaltavir
02/03/2021, 6:21 PMVampire
02/03/2021, 6:23 PMKirill Grouchnikov
02/03/2021, 6:54 PMserebit
02/03/2021, 6:56 PMaltavir
02/03/2021, 6:58 PMpawegio
02/03/2021, 8:26 PMkpgalligan
02/04/2021, 12:19 AMKirill Grouchnikov
02/04/2021, 12:53 AMjlleitschuh
02/04/2021, 2:55 AMKirill Grouchnikov
02/04/2021, 2:59 AMjlleitschuh
02/04/2021, 3:01 AMCLOVIS
02/04/2021, 7:56 AMseb
02/04/2021, 8:58 AMaltavir
02/04/2021, 8:59 AMseb
02/04/2021, 8:59 AMmikehearn
02/04/2021, 10:29 AMaltavir
02/04/2021, 10:35 AMmikehearn
02/04/2021, 10:43 AMseb
02/04/2021, 10:46 AMDoes anyone really need centralised coordinate mapping? Repos don’t provide discovery, the web does that. People find libraries by googling or finding them on GitHub, word of mouth, blogs etc.That’s what we’re mostly doing at Package Search, too.
mikehearn
02/04/2021, 10:50 AM<https://foo.com/86abfc9eb0dbdcdff706c331c29c8bf42eadc96827b0976d11ac3b90a9c60c2a.sha256/whatever.pom>
)com.foo:bar:1.2.3
string. The URL becomes self-authenticating. This is better because the project docs are the root of trust anyway.altavir
02/04/2021, 10:51 AMmikehearn
02/04/2021, 10:57 AMseb
02/04/2021, 11:03 AMmikehearn
02/04/2021, 11:06 AMseb
02/04/2021, 11:06 AMmikehearn
02/04/2021, 11:09 AMseb
02/04/2021, 11:12 AMmikehearn
02/04/2021, 11:13 AMseb
02/04/2021, 11:14 AMmikehearn
02/04/2021, 11:14 AMseb
02/04/2021, 11:15 AMmikehearn
02/04/2021, 11:16 AMseb
02/04/2021, 11:16 AMmikehearn
02/04/2021, 11:16 AMseb
02/04/2021, 11:16 AMmikehearn
02/04/2021, 11:21 AMmagnumrocha
02/04/2021, 11:22 AMseb
02/04/2021, 11:23 AMmikehearn
02/04/2021, 11:27 AMseb
02/04/2021, 11:28 AMKirill Grouchnikov
02/04/2021, 1:59 PMmagnumrocha
02/04/2021, 2:00 PMaltavir
02/04/2021, 2:01 PMseb
02/04/2021, 2:04 PMKirill Grouchnikov
02/04/2021, 2:17 PMVampire
02/04/2021, 2:55 PMhfhbd
02/04/2021, 3:30 PMaltavir
02/04/2021, 3:30 PMVampire
02/04/2021, 3:43 PMzsmb
02/04/2021, 4:23 PMVampire
02/04/2021, 4:34 PMBig Chungus
02/04/2021, 4:34 PMzsmb
02/04/2021, 4:47 PMtddmonkey
02/04/2021, 4:49 PMio.codearte.nexus-staging
and de.marcphilipp.nexus-publish
plugins made it so much easier than doing alot by handCLOVIS
02/04/2021, 4:53 PMimplementation(url("url-with-the-new-system", hash = "...", version = "..."))
that finds the pom file from the URL (and checks the hash, etc, without using the repositories
block) and just feeds it to the next part of the internal pipeline. This way, the new system could get swapped-in as libraries expose a compatible coordinate with almost no changes to the configuration (and since it would allow anyone to publish to their own servers, it would be easier than jCenter or similar).
The main downside would be that anyone with a Maven/Gradle version from before the system was implemented would not be able to pull a dependency that only has the new system, including transitive dependencies, but that's kind of the whole “you can slowly replace Java by Kotlin” thing, and as long as it's done slowly and libraries provide both schemes at first, should be doable.
Group IDs wouldn't be coordinates anymore, but we can keep using them as documentation (much like Java packages are not a proof of ownership, but just a namespace), so apart from the “find the correct pom file”, almost all of Gradle wouldn't need to be modified.
Another problem would be repos disappearing, but if there's project identification (via a hash, or a GPG signature, or whatever) it would be quite easy for anyone to copy the whole artifact on their own server, and any user could be sure it's the correct one (because the hash is the same).Vampire
02/04/2021, 5:02 PMAnother problem would be repos disappearing, but if there's project identification (via a hash, or a GPG signature, or whatever) it would be quite easy for anyone to copy the whole artifact on their own server, and any user could be sure it's the correct one (because the hash is the same).Which is a pretty big problem, as history builds are broken then. Of course builds using jcenter will also have broken history builds now, unless you use an init script or whatever to adjust the repository declaration. But with one or two big central repositories that are meant to stay, it is much more unlikely that this will happen. With using custom URLs, the risk that those go down is tremendously higher and experience shows that after 2-3 years many of them will be gone for good.
ivy
repository with a custom pattern layout.
You can even configure it to not look for metadata but to just use the jar
that was found if that is what you want.mikehearn
02/04/2021, 5:23 PMVampire
02/04/2021, 5:24 PMmikehearn
02/04/2021, 5:29 PMVampire
02/04/2021, 5:32 PMflatDir
repository alreadymikehearn
02/04/2021, 5:35 PMKirill Grouchnikov
02/04/2021, 5:49 PMJames Richardson
02/04/2021, 6:34 PMephemient
02/04/2021, 6:52 PMmikehearn
02/04/2021, 6:55 PMCLOVIS
02/04/2021, 8:04 PMRobert Jaros
02/05/2021, 9:57 AMJilles van Gurp
02/05/2021, 10:01 AMVampire
02/05/2021, 10:04 AMRobert Jaros
02/05/2021, 11:34 AMMichal Klimczak
02/05/2021, 11:45 AMRobert Jaros
02/05/2021, 11:47 AMzsmb
02/05/2021, 12:38 PMseb
02/05/2021, 1:55 PMVampire
02/05/2021, 2:09 PMI thought Bintray was buggy ... but Sonatype Nexus is a nightmare! I'm trying to publish a tiny project with a few artifacts and I have a lot of timeouts from gradle and duplicate broken staging repos over and over again. And the whole process is so sloooow. I'm starting to wonder how I manage to publish KVision with more than 600 artifacts ...It happens sometimes, that uploads are slow or are not working, but usually it works just fine. Probably mainly a problem of being flooded right now due to the announcement. If you use Gradle you should make sure to use the https://github.com/marcphilipp/nexus-publish-plugin/ which will explicitly create a staging repository up-front so that you don't have the problem of split staging repos and especially so if you use the https://github.com/Codearte/gradle-nexus-staging-plugin plugin to automate the repository closing that then also is told that staging repos id explicitly and does not need to use heuristics that depen on there being exactly one open staging repository.
stephanmg
02/05/2021, 4:14 PMjlleitschuh
02/05/2021, 4:16 PMstephanmg
02/05/2021, 5:13 PMseb
02/06/2021, 9:48 AMMichal Klimczak
02/06/2021, 10:37 AMVampire
02/06/2021, 11:23 AMNikky
02/07/2021, 3:52 PMlocation /mavenupload/ {
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
alias /usr/share/nginx/data/maven/; # locaction of /maven on disk
client_max_body_size 100M;
dav_methods PUT DELETE MKCOL COPY MOVE;
dav_access user:rw all:r;
create_full_put_path on;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location /maven/ {
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
upload to /mavenupload
and access /maven
for packages
but i wish github packages or something central, but easier to use than bintray/jcenter would exist
i am not going to bother with mavencentral for a while myselfVampire
02/07/2021, 6:17 PMtddmonkey
02/09/2021, 8:06 AMseb
02/09/2021, 8:15 AMtddmonkey
02/09/2021, 8:16 AMseb
02/09/2021, 8:17 AMVampire
02/22/2021, 11:12 PMzsmb
02/23/2021, 8:25 AM