Hi All
Just following up on this. Has anyone had a chance to test a build of WildFly with
enforce-victims-rule 1.3? From my perspective I think it should be ready to use.
Thanks
David
This bug is now fixed in enforce-victims-rule 1.3, which was released to
maven central today. This release also includes a range of performance
improvements, including caching, which significantly improves performance
after the first build of a given project. We have tested it with WildFly 8
on a system where build time without the plugin was 10 minutes. With the
plugin, the first build took 19 minutes, and all subsequent builds took 11
minutes.
Can you please rm -rf ~/.victims/ then update your POM to reference
enforce-victims-rule 1.3 and try again?
Thanks
David
> Thanks for reporting this issue. We suspect it is actually a bug in the
> victims library, as false negatives or artifacts that do not exist in the DB
> should simply pass inspection with no warning or failure. We've fixed the
> suspected bug and we're currently working on an updated release, I will
> respond to the list once that is complete so you can test.
>
> Thanks
> David
>
> > Yes, the build failed. This plugin can be configured to WARNING level
> > in the pom, but then we won't catch the real problems. In the test
> > run, I just copied the pom snippet from
> >
> > https://github.com/victims/victims-enforcer
> >
> > In my case, the failed test project is
> >
> > https://github.com/jberet/jsr352/blob/master/test-apps/postConstruct/pom.xml,
> > which has just 1 direct dependency: an internal peer sub-module, which I
> > guess is not known to the scanner database. Probably that's why it
> > failed? But other similarly-structured sub-modules passed (e.g.,
> >
> > https://github.com/jberet/jsr352/blob/master/test-apps/propertyInjection/...)
> >
> > Cheng
> >
> > On 5/29/13 9:55 AM, Brian Stansberry wrote:
> > > On 5/28/13 9:56 PM, Cheng Fang wrote:
> > >> The possible false negatives (as David mentioned in his original email)
> > >> can also complicate otherwise successful builds. The following error
> > >> message might have been caused by gaps in the database, though it's not
> > >> clear which dependency it is complaining about.
> > >>
> > >> [WARNING] Rule 0: com.redhat.victims.VictimsRule failed with message:
> > >> Could not determine vulnerabilities for hash:
> > >> 8edd1a0bf70467791ec883b7452c21333e829ab714c83090f8328d8205f159f2669772dd66db01af60debd40402e994be7b08527e8f90211425567b52e6b9472
> > >>
> > > Does that fail the build, or is the problem limited to noise in the
> > > build log?
> > >
> >
> > _______________________________________________
> > wildfly-dev mailing list
> > wildfly-dev(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/wildfly-dev
> >
>