Re: [jakarta.ee-spec.committee] JACC Version Number Issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jakarta.ee-spec.committee] JACC Version Number Issue

From: "Kevin Sutter" <sutter@xxxxxxxxxx>
Date: Wed, 14 Aug 2019 13:40:38 -0500
Delivered-to: jakarta.ee-spec.committee@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jakarta.ee-spec.committee>
List-help: <mailto:jakarta.ee-spec.committee-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jakarta.ee-spec.committee>, <mailto:jakarta.ee-spec.committee-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jakarta.ee-spec.committee>, <mailto:jakarta.ee-spec.committee-request@eclipse.org?subject=unsubscribe>

Werner,
It was decided on the call today that we would use the "proper" Jakarta GAV for Authorization. Thus, the "new" 1.5 version would be using these coordinates:

<groupId>jakarta.authorization</groupId>
<artifactId>jakarta.authorization-api</artifactId>

This is the only component that would get updated for the GAV (at this time). We are only doing this for this special exception.

---------------------------------------------------
Kevin Sutter
STSM, MicroProfile and Jakarta EE architect
e-mail: sutter@xxxxxxxxxx Twitter: @kwsutter
phone: tl-553-3620 (office), 507-253-3620 (office)
LinkedIn: https://www.linkedin.com/in/kevinwsutter

From: Werner Keil <werner.keil@xxxxxxx>
To: Jakarta specification committee <jakarta.ee-spec.committee@xxxxxxxxxxx>
Date: 08/14/2019 01:12 PM
Subject: [EXTERNAL] [jakarta.ee-spec.committee] JACC Version Number Issue
Sent by: jakarta.ee-spec.committee-bounces@xxxxxxxxxxx

About the Version Number discussion for JACC, there is a caveat if it was put back to 1.5 with 1.6.1 residing in the same “jakarta.security.jacc“ Namespace (and to my Knowledge, you can’t delete existing artifacts from Sonatype/MavenCentral.

Unlike its biggest competitor JFrog/Bintray/Artifactory Sonartype/MavenCentral has major issues with artifact queries and use cases like Version Badges or possibly worse build Tools like Gradle that allow you to specify a “latest“ Version placeholder.

https://search.maven.org/search?q=g:jakarta.security.jaccshows the latest version is 1.6.1 even if you added another version like 1.5.0 or 1.6.0 at a later date. Bintray takes the release version into consideration, Sonatype doesn’t so unless the 1.6.1 one was kept there is a risk, tools and developers could be misled by those problems in the Sonatype Nexus infrastructure.

We also faced that with JSRs like 385 where pre-releases like “2.0-EDR” or “2.0-PDR” are seen as newer than the final “2.0” release because they are alphabetically higher than “2.0”.

It’s clearly a bug IMO but the maintainers of MavenCentral do not consider it a priority to fix it.

Werner

_______________________________________________ jakarta.ee-spec.committee mailing list jakarta.ee-spec.committee@xxxxxxxxxxx To change your delivery options, retrieve your password, or unsubscribe from this list, visithttps://www.eclipse.org/mailman/listinfo/jakarta.ee-spec.committee

References:
- [jakarta.ee-spec.committee] JACC Version Number Issue
  - From: Werner Keil

Breadcrumbs