| [jakarta.ee-spec.committee] JACC Version Number Issue |
About the Version Number discussion for JACC, there is a caveat if it was put back to 1.5 with 1.6.1 residing in the same “jakarta.security.jacc“ Namespace (and to my Knowledge, you can’t delete existing artifacts from Sonatype/MavenCentral. Unlike its biggest competitor JFrog/Bintray/Artifactory Sonartype/MavenCentral has major issues with artifact queries and use cases like Version Badges or possibly worse build Tools like Gradle that allow you to specify a “latest“ Version placeholder. https://search.maven.org/search?q=g:jakarta.security.jacc shows the latest version is 1.6.1 even if you added another version like 1.5.0 or 1.6.0 at a later date. Bintray takes the release version into consideration, Sonatype doesn’t so unless the 1.6.1 one was kept there is a risk, tools and developers could be misled by those problems in the Sonatype Nexus infrastructure. We also faced that with JSRs like 385 where pre-releases like “2.0-EDR” or “2.0-PDR” are seen as newer than the final “2.0” release because they are alphabetically higher than “2.0”. It’s clearly a bug IMO but the maintainers of MavenCentral do not consider it a priority to fix it. Werner |