Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jakarta.ee-spec.committee] JACC Version Number Issue

Werner,
It was decided on the call today that we would use the "proper" Jakarta GAV for Authorization.  Thus, the "new" 1.5 version would be using these coordinates:

<groupId>jakarta.authorization</groupId>
<artifactId>jakarta.authorization-api</artifactId>


This is the only component that would get updated for the GAV (at this time).  We are only doing this for this special exception.


---------------------------------------------------
Kevin Sutter
STSM, MicroProfile and Jakarta EE architect
e-mail:  sutter@xxxxxxxxxx     Twitter:  @kwsutter
phone: tl-553-3620 (office), 507-253-3620 (office)    
LinkedIn:
https://www.linkedin.com/in/kevinwsutter



From:        Werner Keil <werner.keil@xxxxxxx>
To:        Jakarta specification committee <jakarta.ee-spec.committee@xxxxxxxxxxx>
Date:        08/14/2019 01:12 PM
Subject:        [EXTERNAL] [jakarta.ee-spec.committee] JACC Version Number Issue
Sent by:        jakarta.ee-spec.committee-bounces@xxxxxxxxxxx



About the Version Number discussion for JACC, there is a caveat if it was put back to 1.5 with 1.6.1 residing in the same “jakarta.security.jacc“ Namespace (and to my Knowledge, you can’t delete existing artifacts from Sonatype/MavenCentral.

 

Unlike its biggest competitor JFrog/Bintray/Artifactory Sonartype/MavenCentral has major issues with artifact queries and use cases like Version Badges or possibly worse build Tools like Gradle that allow you to specify a “latest“ Version placeholder.

 

https://search.maven.org/search?q=g:jakarta.security.jaccshows the latest version is 1.6.1 even if you added another version like 1.5.0 or 1.6.0 at a later date. Bintray takes the release version into consideration, Sonatype doesn’t so unless the 1.6.1 one was kept there is a risk, tools and developers could be misled by those problems in the Sonatype Nexus infrastructure.

 

We also faced that with JSRs like 385 where pre-releases like “2.0-EDR” or “2.0-PDR” are seen as newer than the final “2.0” release because they are alphabetically higher than “2.0”.

It’s clearly a bug IMO but the maintainers of MavenCentral do not consider it a priority to fix it.

 

Werner

 _______________________________________________
jakarta.ee-spec.committee mailing list
jakarta.ee-spec.committee@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jakarta.ee-spec.committee



Back to the top