[security-dev] [PicketLink] - Version 2.5.0.Beta3 Released
Pedro Igor Silva
psilva at redhat.com
Wed May 29 13:38:07 EDT 2013
My bad guys. At least they're only parent poms, and people will usually search for libraries or use the BOM.
----- Original Message -----
From: "Pete Muir" <pmuir at redhat.com>
To: "Pedro Igor Silva" <psilva at redhat.com>
Cc: "Anil Saldhana" <Anil.Saldhana at redhat.com>, security-dev at lists.jboss.org
Sent: Wednesday, May 29, 2013 2:18:52 PM
Subject: Re: [security-dev] [PicketLink] - Version 2.5.0.Beta3 Released
No
On 29 May 2013, at 18:17, Pedro Igor Silva <psilva at redhat.com> wrote:
> What about JBoss Nexus ? Can we at least fix there ?
>
> ----- Original Message -----
> From: "Pete Muir" <pmuir at redhat.com>
> To: "Anil Saldhana" <Anil.Saldhana at redhat.com>
> Cc: security-dev at lists.jboss.org
> Sent: Wednesday, May 29, 2013 12:19:55 PM
> Subject: Re: [security-dev] [PicketLink] - Version 2.5.0.Beta3 Released
>
> This can't be "fixed" in Maven Central, once an artefact is there, it is there.
>
> All we can do is ameliorate the problem via education.
>
> We do provide BOMs which specify a version of PicketLink to use, and recommend people always use the BOM, and don't specify the version directly. We also recommend not using version ranges. Finally, we need to be very clear on the project site about which versions to use.
>
> On 28 May 2013, at 15:16, Anil Saldhana <Anil.Saldhana at redhat.com> wrote:
>
>> Hi Josef,
>> I think we will have to get it fixed in Maven central.
>>
>> Regards,
>> Anil
>>
>> On 05/28/2013 06:05 AM, Josef Cacek wrote:
>>> Hi *,
>>>
>>> how will we solve the "version hell" in Maven repositories?
>>>
>>> When the users search PicketLink in the Central for instance, they see 5.0.0-2013Jan16 as the latest.
>>>
>>> http://search.maven.org/#search%7Cga%7C1%7Cpicketlink-parent
>>>
>>> Similar problems come if an user specifies a version range in a Maven dependency:
>>>
>>> <dependency>
>>> <groupId>org.picketlink</groupId>
>>> <artifactId>picketlink-idm-impl</artifactId>
>>> <version>[2.5,)</version>
>>> </dependency>
>>>
>>> Best regards,
>>>
>>> -- josef
>>> Too brief? Here's why! http://emailcharter.org
>>>
>>> ----- Original Message -----
>>>> From: "Pedro Igor Silva" <psilva at redhat.com>
>>>> To: security-dev at lists.jboss.org
>>>> Sent: Monday, May 20, 2013 8:35:18 PM
>>>> Subject: [security-dev] [PicketLink] - Version 2.5.0.Beta3 Released
>>>>
>>>> Hi All,
>>>>
>>>> Today we released PicketLink 2.5.0.Beta3. For now on, PicketLink versions
>>>> will follow the v2.5.x series, as discussed in this list.
>>>>
>>>> Documentation can be obtained from:
>>>>
>>>> http://docs.jboss.org/picketlink/3/latest
>>>>
>>>> Issues for this version:
>>>>
>>>> https://issues.jboss.org/secure/ReleaseNote.jspa?projectId=12310923&version=12321695
>>>>
>>>> Regards.
>>>> Pedro Igor
>> _______________________________________________
>> security-dev mailing list
>> security-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/security-dev
>
>
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
More information about the security-dev
mailing list