Return-Path: X-Original-To: apmail-maven-dev-archive@www.apache.org Delivered-To: apmail-maven-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 39D6A110D0 for ; Mon, 2 Jun 2014 14:11:21 +0000 (UTC) Received: (qmail 18120 invoked by uid 500); 2 Jun 2014 14:11:20 -0000 Delivered-To: apmail-maven-dev-archive@maven.apache.org Received: (qmail 18045 invoked by uid 500); 2 Jun 2014 14:11:20 -0000 Mailing-List: contact dev-help@maven.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Maven Developers List" Reply-To: "Maven Developers List" Delivered-To: mailing list dev@maven.apache.org Received: (qmail 18034 invoked by uid 99); 2 Jun 2014 14:11:20 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 02 Jun 2014 14:11:20 +0000 X-ASF-Spam-Status: No, hits=1.7 required=5.0 tests=FREEMAIL_ENVFROM_END_DIGIT,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of wangyf2010@gmail.com designates 209.85.160.49 as permitted sender) Received: from [209.85.160.49] (HELO mail-pb0-f49.google.com) (209.85.160.49) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 02 Jun 2014 14:11:16 +0000 Received: by mail-pb0-f49.google.com with SMTP id jt11so4244687pbb.36 for ; Mon, 02 Jun 2014 07:10:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:message-id:mime-version:subject:date:references :to:in-reply-to; bh=FHu5VMuI5TgC/dUKn0JIa+JsSbfHjBirYThrptC2rVo=; b=cL+bj09td+uQj+i6gSC9ohdLQP0XSHONdl7civcu3f3yqng/c1UksGLIGJu7lt7nDJ 2w80VL9NjatOqgZCFTZVwnGJ/c0XFWTjlDDJVFgVhw6kdToJG8mGLJhaDkb9TkUKvsTd an8B7KKBp0teR5YP3iYybIcIDob3XEvuK/8xMqVfE/mL/LIx8eI707T44+oAWFiKLL1i CW4XiwASIkUUj2pQnUUBamJ39htGI9aaaWkmeiplCWlUMSAUoStzQrszI8felldX51tX UyCwO0effkSY34T8ID92ig4yBiv9QyIYZ25iuDjJlo+nX9P/3qafli3L3MOsaZHxSOoa AYPQ== X-Received: by 10.66.66.199 with SMTP id h7mr41519111pat.30.1401718255932; Mon, 02 Jun 2014 07:10:55 -0700 (PDT) Received: from [192.168.5.149] ([119.39.232.229]) by mx.google.com with ESMTPSA id xk3sm20731173pbb.65.2014.06.02.07.10.49 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 02 Jun 2014 07:10:55 -0700 (PDT) From: "Wang, Simon" Content-Type: multipart/alternative; boundary="Apple-Mail=_E9131405-6BD6-4DF6-B260-B3A997ABF990" Message-Id: <4B87A1FF-2E01-45AF-8E1B-7B482D16207A@gmail.com> Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\)) Subject: Re: [GitHub] maven-enforcer pull request: [MENFORCER-193]: Add new rule: Banned... Date: Mon, 2 Jun 2014 22:16:18 +0800 References: <53871822.2080509@gmx.de> <59F98C18-9FD2-4F8C-A96F-F170D9D2FB5C@gmail.com> <5388C448.2010602@gmx.de> To: Maven Developers List , info@soebes.de In-Reply-To: <5388C448.2010602@gmx.de> X-Mailer: Apple Mail (2.1874) X-Virus-Checked: Checked by ClamAV on apache.org --Apple-Mail=_E9131405-6BD6-4DF6-B260-B3A997ABF990 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 Thanks for your comments, Karl! I added document for this rule, please review it. https://github.com/apache/maven-enforcer/pull/13 About enhance the rule to detect repository entries in settings.xml/pom = independent of mirrorOf settings. I think it=92s out of scope for this rule, because this rule is trying = to detect whether current maven session contains banned repositories. mirrorOf is part of maven settings, and the result is: all banned = repositories are redirected to correct one. Then result is: current maven session hasn=92t invalid repositories of = course. I=92d prefer to note it in document, but hold enhancement to detect = pom/settings.xml only instead of maven session context. Regards Simon On May 31, 2014, at 1:47 AM, Karl Heinz Marbaise = wrote: > Hi Simon, >=20 > so after checking it i found the point... >=20 > I have defined mirrorOf * as usual in case of using a repository = manager...in my settings.xml which looks like the following: >=20 > > > nexus > * > http://.../nexus/.. > > >=20 > So with the above i can add as much repository entries in my settings > as well as in my pom.xml and the rule will NOT warning/break my build = with it...except if i explicitly exclude them in the mirrorOf via things = like this: >=20 > *,!WhatEver >=20 > This brings me to two points: >=20 > First: >=20 > It would be nice if you could add an appropriate documentation = (enforcer-rules/src/site/apt/) which exactly describes the differences = to the requireNoRepository rule and give a good examples of the use = cases which means not using mirrorOf as above etc. >=20 > After this enhancement of the patch (? submission to large for patch) = i would appreciate to pick up your patch(?) and add it to = extra-enforcer-rules (this will get a release faster i think) or may be = the default rules (after discussion on the dev list with the other = dev's) I don't know the exact procedure with such kind of submissions = without paper.... >=20 > Apart from the above you might can check if it's possible to > enhance the rule in that way to identify the repository entries in = settings.xml/pom independent of the mirrorOf settings (may be via an = option). >=20 >=20 > Kind regards > Karl-Heinz Marbaise > PS.: It's not necessary to quote the answers of the others here on the = dev list to posts cause obviously I'm subscribed on the dev list and I'm = following the discussion. >=20 > On 5/29/14 1:52 PM, Wang, Simon wrote: >> Hi, Karl, >>=20 >> Thanks for your comments. >>=20 >> I did dig into requireNoRepositories.html, the purpose for that rule = is: >> detect whether pom and pom=92s parents contains repositories = definition. >> That make sense to guide users to use correct convention (not define = repositories in pom files). >>=20 >> But =93BannedRepositories=94 is different purpose, it=92s just like = =93BannedDependencies=94. >> This rule is major for those =93maven repository migration=94 case. >> Some users used to have old repositories, those repositories might be = defined in pom.xml or settings.xml. >> This rule could benefit on these cases a lot. >> It will detect banned repositories from maven session context instead = of only pom.xml and parents. >>=20 >> After all, requireNoRepositories.html is trying to help users to = follow correct maven convention. >> but =93BannedRepositories=94 is trying to avoid misuse incorrect = repositories. Especially in enterprise environment. >>=20 >> Regards >> Simon >> On May 29, 2014, at 7:21 PM, Karl Heinz Marbaise = wrote: >>=20 >>> Hi Simon, >>>=20 >>>=20 >>> I have taken a look into your suggestions ....I have a couple of = thoughts about it ... >>>=20 >>> First there exists already a rule to avoid repositories = (http://maven.apache.org/enforcer/enforcer-rules/requireNoRepositories.htm= l) which can be used and is has an option >>> to allow particular repositories by using a white-list of allowed = repository based on the repository id. >>>=20 >>> like this: >>>=20 >>> >>> >>> codehausSnapshots >>> >>> ... >>> >>>=20 >>>=20 >>> So the question is why adding a complete new rule instead of = enhancing the existing by your idea using the url as identification for = the repository which i think is a really good idea...so users are not = able to forge the repository they use by using a different id only the = url is used to identify the allowed repositories. >>>=20 >>>=20 >>> Kind regards >>> Karl-Heinz Marbaise >>>=20 >>> = --------------------------------------------------------------------- >>> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org >>> For additional commands, e-mail: dev-help@maven.apache.org >>>=20 >>=20 >>=20 >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org >> For additional commands, e-mail: dev-help@maven.apache.org >>=20 >>=20 >=20 >=20 > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org > For additional commands, e-mail: dev-help@maven.apache.org >=20 --Apple-Mail=_E9131405-6BD6-4DF6-B260-B3A997ABF990--