maven-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tamás Cservenák <>
Subject Re: a cleaned up central repository?
Date Tue, 06 Oct 2009 07:59:38 GMT
Not to mention that these below are "formal" requirements only. Their
_presence_ is required, but nothing is said about their _content_.I can
publish a POM that will _have_ dependencies section, but how do we know that
the dependencies section is _correct_?

Also: license in POM. What license "name" is allowed? Are they keyed by by
license URL? Etc...

Many of these are pretty hard to determine in "machine way"....


On Tue, Oct 6, 2009 at 2:26 AM, Brian Fox <> wrote:

> On Mon, Oct 5, 2009 at 3:16 PM, Albert Kurucz <>
> wrote:
> > Brian,
> >
> >> Ok then, I assert they are all fine. Now you can provide a list and
> >> refute me ;-).
> > In this case (if they were all fine) here is your list:
> >
> > (But unfortunately they are not all fine.)
> >
> >> Seriously, the definition of "broken" depends on the observer.
> > True. This is why maybe there should be different "Good lists" and
> > users should be allowed to choose, depending on their taste.
> >
> >> Before we can
> >> "fix" anything "broken" we need to start by defining what you think is
> >> broken and why.
> >
> > One of the possible Definitions of "Good list", which I would like
> > call "Maven Central Compliance" is defined here:
> >
> > If artifacts are on Central which are not on this list (which list
> > should really be realized soon), I don't mind, as long as I could
> > search or filter by this list.
> > You cannot objectively define what is "broken" only if you specify
> > which Lists you are talking about. Do you mean, the "Maven Central
> > Compliance" list?
> I assume you mean this list of requirements?
> There are some requirements for the minimal information in the POMs
> that are in the central repository. At least these must be present:
> modelVersion
> groupId
> artifactId
> packaging
> name
> version
> description
> url
> licenses
> scm url
> dependencies
> I don't think that I would consider things broken simply because the
> name, description, url, scm url where missing. I would be annoyed but
> not surprised if the license wasn't populated correctly. So if you're
> saying you want to exclude everything from your build simply because
> one of those are missing, then I think we fundamentally disagree. Yes
> it would be nice if those were filled in properly but none of those
> reduce the usefulness of users to a point where they simply should be
> treated like they don't exist.
> I consider things broken if the pom doesn't parse, the dependencies
> are wrong (again subject to perspective in some cases), the gav isn't
> correct, the checksums or signatures are broken. Otherwise from a
> repository perspective they are not broken.
> If you attempt to enumerate all the things in central that match all
> of those values above and build a repo of only those, it will be a
> nearly useless repo.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message