Return-Path: X-Original-To: apmail-maven-users-archive@www.apache.org Delivered-To: apmail-maven-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3F863107F2 for ; Mon, 5 Aug 2013 17:15:30 +0000 (UTC) Received: (qmail 52718 invoked by uid 500); 5 Aug 2013 17:15:26 -0000 Delivered-To: apmail-maven-users-archive@maven.apache.org Received: (qmail 52648 invoked by uid 500); 5 Aug 2013 17:15:26 -0000 Mailing-List: contact users-help@maven.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Maven Users List" Reply-To: "Maven Users List" Delivered-To: mailing list users@maven.apache.org Received: (qmail 52638 invoked by uid 99); 5 Aug 2013 17:15:24 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 05 Aug 2013 17:15:24 +0000 X-ASF-Spam-Status: No, hits=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [160.83.44.129] (HELO loninmrp13.uk.db.com) (160.83.44.129) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 05 Aug 2013 17:15:19 +0000 Received: from sdbo1103.uk.db.com (LONINMTP1103.uk.db.com [10.240.132.12]) by loninmrp13.uk.db.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id r75HEwqI009904 for ; Mon, 5 Aug 2013 17:14:58 GMT In-Reply-To: References: To: "Maven Users List" Cc: Maven Users List MIME-Version: 1.0 Subject: Re: how to make the SVN release process more robust X-KeepSent: D43E6834:8862BDD6-80257BBE:005EAB10; type=4; name=$KeepSent X-Mailer: Lotus Notes Release 8.5.3 September 15, 2011 From: Nathan Coast Message-ID: Date: Mon, 5 Aug 2013 18:14:55 +0100 X-MIMETrack: Serialize by Router on sdbo1103/DMGUK/DeuBaInt/DeuBa(Release 8.0.2 FP2 HF135|October 22, 2009) at 05/08/2013 18:14:58, Serialize complete at 05/08/2013 18:14:58 Content-Type: text/plain; charset="US-ASCII" X-Virus-Checked: Checked by ClamAV on apache.org Classification: Public I'm not sure that will help our problem as tags remain mutable. The tag checked out for release perform could still be corrupted. From: Stephen Connolly To: Maven Users List , Date: 05/08/2013 18:00 Subject: Re: how to make the SVN release process more robust The original behaviour was to tag the local working copy not the remote tree, so that you could release at any time without having to for e a "quiet" period on trunk. Then a bug in the neon transport for Subversion 1.5 or 1.6 (I cannot recall which) made tagging from working copies for https based repositories difficult for users. Now that serf is the default transport, perhaps we can switch back to the old behaviour? On Monday, 5 August 2013, Baptiste MATHUS wrote: > Hi, > > Well, as this is actually something that the SCM itself allows, I would > consider just forbidding on my svn server. > > This might be an interesting evolution though to be able to enforce this at > the maven-release-plugin (though unlikely to happen often since the three > usual commits actually happen very close to each others). > > Cheers > > > 2013/8/5 Nathan Coast > > > > Classification: Public > > > > Hi all, > > > > As SVN tags are simply a convention overlayed on top of SVN directories, > > SVN tags are therefore mutable. This opens the possibility that someone > > could inject code to a tag between the release:prepare and the > > release:perform phases. > > > > This would mean that the code checked out during release perform phase > > could be different from the code which was originally tagged. > > > > To close this potential loophole, I'm considering this solution: > > 1) Modify the behaviour within > > org.apache.maven.scm.provider.svn.svnjava.command.tag.SvnTagCommand to > > return the tag revision number via TagScmResult > > 2) Write the result to release.properties > > 3) Utilise the revision number within the checkout command (tag plus > > revision#) > > > > Does anyone have any alternate suggestion for how to solve this? > > > > Regards, > > Nathan > > > > > > > > > > --- > > > > This e-mail may contain confidential and/or privileged information. If > you > > are not the intended recipient (or have received this e-mail in error) > > please notify the sender immediately and delete this e-mail. Any > > unauthorized copying, disclosure or distribution of the material in this > > e-mail is strictly forbidden. > > > > Please refer to http://www.db.com/en/content/eu_disclosures.htm for > > additional EU corporate and regulatory disclosures. > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscribe@maven.apache.org > > For additional commands, e-mail: users-help@maven.apache.org< javascript:;> > > > > -- > > Baptiste MATHUS - http://batmat.net > > Sauvez un arbre, > > Mangez un castor ! nbsp;! > > -- Sent from my phone --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@maven.apache.org For additional commands, e-mail: users-help@maven.apache.org