reconfiguring ossindex-maven-plugin for releases?


Tim Allison
All,
  Now that we are using the ossindex-maven-plugin, there's an annoying
feature for folks trying to build earlier releases...namely they can't if a
new vulnerability has crept in since we made the release.
  Is there an elegant way to handle this?  My knuckle-dragger idea would be
to set it to "warn" for the tagged release as part of the release process,
and then turn it back to "fail the build" for our working branches.
  Any better ideas?

      Cheers,

              Tim

Re: reconfiguring ossindex-maven-plugin for releases?

Tim Allison
Or should we just require users to build w:  -Dossindex.fail=false

On Tue, Oct 29, 2019 at 11:38 AM Tim Allison <[hidden email]> wrote:

> All,
>   Now that we are using the ossindex-maven-plugin, there's an annoying
> feature for folks trying to build earlier releases...namely they can't if a
> new vulnerability has crept in since we made the release.
>   Is there an elegant way to handle this?  My knuckle-dragger idea would be
> to set it to "warn" for the tagged release as part of the release process,
> and then turn it back to "fail the build" for our working branches.
>   Any better ideas?
>
>       Cheers,
>
>               Tim
>

Re: reconfiguring ossindex-maven-plugin for releases?

Eric Pugh-4
I think especially if you documented that option in the Readme.  

I actually ran into the same issue when I ran “mvn eclipse:eclipse”, and had to add that parameter to get my Eclipse config files built!


> On Oct 29, 2019, at 11:40 AM, Tim Allison <[hidden email]> wrote:
>
> Or should we just require users to build w:  -Dossindex.fail=false
>
> On Tue, Oct 29, 2019 at 11:38 AM Tim Allison <[hidden email]> wrote:
>
>> All,
>>  Now that we are using the ossindex-maven-plugin, there's an annoying
>> feature for folks trying to build earlier releases...namely they can't if a
>> new vulnerability has crept in since we made the release.
>>  Is there an elegant way to handle this?  My knuckle-dragger idea would be
>> to set it to "warn" for the tagged release as part of the release process,
>> and then turn it back to "fail the build" for our working branches.
>>  Any better ideas?
>>
>>      Cheers,
>>
>>              Tim
>>

_______________________
Eric Pugh | Founder & CEO | OpenSource Connections, LLC | 434.466.1467 | http://www.opensourceconnections.com <http://www.opensourceconnections.com/> | My Free/Busy <http://tinyurl.com/eric-cal>  
Co-Author: Apache Solr Enterprise Search Server, 3rd Ed <https://www.packtpub.com/big-data-and-business-intelligence/apache-solr-enterprise-search-server-third-edition-raw>