mxnet-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Naveen Swamy <mnnav...@gmail.com>
Subject Re: Malformed package uploaded to Maven central
Date Fri, 21 Dec 2018 19:43:54 GMT
I don't think they will disable PUT because some projects might be manually
uploading artifacts.
Here is the ticket i created :
https://issues.apache.org/jira/browse/INFRA-17489

On Fri, Dec 21, 2018 at 10:23 AM Frank Liu <frankfliu2000@gmail.com> wrote:

> If the release procedure is always push to staging and manually promote
> from staging to release, the nexus2 repo should be configured to forbidden
> direct push to release repo.
>
> It currently allows upload files directly via HTTP PUT (works with curl
> command).
> What Qing executed is a simple mvn deploy:deploy-file task in the maven
> which point to https://repository.apache.org/content/repositories/releases
>
> Thanks,
> Frank
>
> On Fri, Dec 21, 2018 at 9:59 AM Naveen Swamy <mnnaveen@gmail.com> wrote:
>
> > Hi Qing,
> >
> > Thanks for bringing this to the attention of the community. I understand
> it
> > was an unintended consequences of publish experiment. I will raise a
> INFRA
> > ticket to remove this package from the releases repo.
> > Could you please file a GitHub issue or MXNet JIRA and mention the
> commands
> > you executed so we can request INFRA to not let packages be published
> > directly to releases without going through the process of deploying to
> > STAGING and then test/close the package to Releases ?
> >
> > Thanks, Naveen
> >
> > On Thu, Dec 20, 2018 at 5:01 PM Qing Lan <lanking520@live.com> wrote:
> >
> > > Dear Community,
> > >
> > > Recently I tried to improve the Maven automated publish procedure and
> > > tested publish the package. However, I accidently used maven to upload
> a
> > > package to a close release branch:
> > >
> >
> https://repository.apache.org/#nexus-search;gav~org.apache.mxnet~~1.5.0~~/
> > > <
> >
> https://repository.apache.org/#nexus-search;gav~org.apache.mxnet~~1.5.0~~
> > >.
> > > However, it seemed that I didn’t have the access to remove this package
> > > since it is controlled by Maven central. In this case, I regretfully
> > > request a PMC/PPMC member to file an Apache Infra ticket to remove this
> > > package from there so it won’t influence the current maven users to
> > > download them. The influence is limited to OSX users who are using
> > official
> > > releases of MXNet Scala/Java packages.
> > >
> > > I apologize for this act and won’t do any more risky experiment until I
> > am
> > > fully aware of the consequence of it.
> > > Qing
> > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message