maven-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mickael Istria <mist...@redhat.com>
Subject Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)
Date Tue, 04 Jun 2019 06:48:11 GMT
On Monday, June 3, 2019, Tibor Digana <tibordigana@apache.org> wrote:
>
> We are the maintainers.


Beware this kind of statements hurt the project and its community.


> Do you inherit from this project and you need dom4j as transitive
> dependency?


More or less yes. M2E embeds maven-archiver and transitive dependencies. We
don't want m2e to tweak the dependencies and we want m2e to not ship CVEs.
So we think.it's better to fix CVEs upstream and we imagined Maven would be
glad welcoming CVE fix contribution like people expect from any serious
project.

>

-- 
Mickael Istria
Eclipse IDE <https://www.eclipse.org/downloads/eclipse-packages/>
developer, for Red Hat Developers <https://developers.redhat.com/>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message