Where is Apache Commons Email 1.6-SNAPSHOT? - maven

The project's homepage at (https://commons.apache.org/proper/commons-email/) has 1.6-SNAPSHOT as the latest version, published on February 26 2018. Their dependency information page (https://commons.apache.org/proper/commons-email/dependency-info.html) also states that it should be available in Maven central. But when I tried using the exact dependency configuration they gave (compile 'org.apache.commons:commons-email:1.6-SNAPSHOT'), Gradle doesn't find the artifact. Searching the Maven Central repository gives 1.5 as the latest version: https://mvnrepository.com/artifact/org.apache.commons/commons-email. Even going to Apache Commons Email downloads page still only leads you to 1.5. I can't seem to find the source for 1.6 anywhere, and all searches only point to documentation for 1.6. Anyone know what's going on here? I'd understand if this was just released and it wasn't pushed to the repositories yet, but it's been months...

The version listed on the projects home page is not the version of the jars to download, but the version of the homepage (which is built by Maven).
You should use "the current release 1.5".

Related

Maven Central vs Other Repos?

On the maven centrral, I can see several other Repositories available for some of the libraries. For example - Apache Common BeanUtils is available in Central, Redhat GA, JBoss 3rd-party etc. The library name changes as well. For example, Maven CCentral has versions like 1.9.4, however Redhat GA has versions like - 1.9.3.redhat-1.
Click on this URI to see the details.
https://mvnrepository.com/artifact/commons-beanutils/commons-beanutils
My question is - What is the difference between Repo marked as Central and "Redhat GA"?
Attaching an image of :Maven GA; repo as well here.
Re:
My question is - What is the difference between Repo marked as Central and "Redhat GA"?
From here: https://access.redhat.com/maven-repository
"Redhat GA" is the general availability JBoss Enterprise Maven Repository.
And the page also mentions:
Artifacts in the repository do not receive automated security patches as Maven requires that artifacts be immutable. As a result, artifacts that are missing patches for known security flaws will remain in the repository to avoid breaking builds that depend on them. Patched artifacts have their version number incremented.
If you checkout the README at the repository: https://maven.repository.redhat.com/ga/README.md
This archive contains Maven repository artifacts for JBoss WFK 2. This is meant
to be used as additional Maven repository in development environment with
JBoss EAP 6 Maven repository.
So it seems Redhat GA versions are patched versions of Maven Central artifacts, specifically to support JBoss WFK.
My guess is that the patches correct security flaws in the base Maven Central artifact.
Re:
For example, Maven CCentral has versions like 1.9.4, however Redhat GA has versions like - 1.9.3.redhat-1.
For this example, my guess is that 1.9.3.redhat-1 is a security patched version of 1.9.3 from Maven Central.
Re: (comment above)
how safe is to use version of a library from other Repos (for example-Redhat in this case) than Central? Or what are the scenarios when an Enterprise application should use a library from other Repos than Maven Central?
If you need a security-hardened version of a specific Maven Central version, but you can't upgrade to a later version from Maven Central (for any reason: risk, incompatibilities, one does not exist, etc) - the Red Hat version might be a solution.
As to whether it's safe, it's up to whether you trust RedHat vs Maven vs any other organization providing open source.

Does the latest version of a plugin include snapshots?

in the documentation of maven is written
You'll notice that all plugins in Maven look much like a dependency -
and in some ways they are. This plugin will be automatically
downloaded and used - including a specific version if you request it
(the default is to use the latest available).
Source: https://maven.apache.org/guides/getting-started/index.html#How_do_I_use_plugins
Does "the default is to use the latest available" include snapshots or not?

Java3D Maven Repository for 1.5.2

I'm at my wit's end trying to get Java3D working with Maven. The latest version in the Maven core repository is 1.3.1, but there don't seem to be any 64-bit dll files (without installers) that will work with such an early version! It seems that the 1.5.2 dll I donwloaded is incompatible (unsurprisingly).
Does anyone know of a repository that has at least version 1.4.0?
Otherwise, looks like I'm going to have to learn JOGL instead and change all my code.
Rather make a request for enhancement. Maybe we could publish Maven on Maven Central or at least in our development repository. Please check whether you're using Java 3D 1.6, look at that if you don't know how to install it.

How to manage Tycho / EAP versioning correctly

I have an Eclipse 4 project that is built using Tycho (0.19.0) and Maven (3.0-5)
During development of a version, say 1.0.0, the artifacts are configured with version 1.0.0-SNAPSHOT, and 1.0.0.qualifier depending on the files. When I want to release the version, I use the tycho-versions:set-version goal to change from 1.0.0-SNAPSHOT to 1.0.0.
I then build and copy the product to a remote share that publishes an update site so that older versions can be upgraded automatically at launch time.
Since I have some beta testers, I use more that one update site. One contains the stable versions, and my beta testers have one more update site to check at startup. The other one is actually an update site for snapshots that I have published, so those are not released versions of the product.
What I am experiencing seems strange: When the 1.0.0 application starts, it finds the previous snapshot (versioned 1.0.0.201312191455), thinks that those artifacts are more recent and updates itself back to an older version.
I'm guessing that Eclipse's version conventions state that x.y.z is older than x.y.z.u. Is that correct?
If so, then why does the tycho versions plugin remove the qualifier when a versions changes from snapshot to "release"? Doing so seems to make the artifacts look older than any of the snapshots. What's the correct way to handle this situation?
The answer was given in the tycho mailing list some time ago:
http://dev.eclipse.org/mhonarc/lists/tycho-user/msg01001.html
The details:
OSGi does not have a notion of "snapshot" versions, all versions are
treated the same and 1.0.0.qualifier is indeed considered to be newer
than 1.0.0.
There are two versioning schemes that result is reasonable behaviour
both for OSGi and Maven.
Use the same four part version (eg., 1.0.0.20111112-0735) for both Maven
and OSGi. This results in slightly odd version jump when going from
snapshots to releases on the maven side, i.e. 1.0.0-SNAPSHOT goes to
1.0.0.20111112-0735, but everything works otherwise.
Use even/odd convention to version snapshots and releases, i.e.
1.0.1-SNAPSHOT/1.0.1.qualifier is released as 1.0.2/1.0.2.
I think it is also possible to decouple maven and osgi versions of
released artifacts, i.e. use 1.0.0 for maven and 1.0.0.20111112-0735 for
OSGi, but personally I find this confusing and would not recommend. And
I am not sure if Tycho will allow this in the future.
--
Regards,
Igor

How can I build HornetQ from source?

I'm not new to maven. but I don't know why my maven use 1.1.1 version of maven-plugin, hornet-maven-plugin. the reason I say about the version is that the repository doesn't have the version. So I think I have to change the version of plugin that the repository has.
the soure code is here( https://github.com/verystrongjoe/hornetq/tree/master/examples/jms/clustered-queue ).
I downloaded that to my local disk. and I imported to my eclipse.
but the result was an error like below.
Failure to find org.hornetq:hornetq-maven-plugin:pom:1.1.1-SNAPSHOT in http://repository.jboss.org/nexus/content/groups/public was cached in the local
repository, resolution will not be reattempted until the update interval of jboss-public-repository-group has elapsed or updates are forced
If you go to the repository http://repository.jboss.org/nexus/content/groups/public , there are 1.1.0 or 1.0.0.
please let me explain about this.. thanks in adavance.
You can see the answer on Line 716 of the super-POM:
<plugin>
<groupId>org.hornetq</groupId>
<artifactId>hornetq-maven-plugin</artifactId>
<version>1.1.1-SNAPSHOT</version>
</plugin>
It sounds like you might not be knowledgeable enough to work on the edge of the github source. Perhaps you should work with one of the recent release tags instead?
You are forking and trying to work with an in-development SNAPSHOT version of HornetQ. That normally requires more work than using released versions. Tip one: consider working only with released versions of HQ.
If not, be aware that:
HornetQ does not release *-SNAPSHOT versions of artifacts to Maven repositories. That is the reason you won't find them at that JBoss Maven repository. BTW, See here for comments with regards to figuring out dependencies of HornetQ examples https://github.com/hornetq/hornetq#recreating-the-examples
See here about the minimal instructions of using the SNAPSHOT version of the hornetq-maven-plugin https://github.com/hornetq/maven-hornetq-plugin/blob/master/README.md
Please notice that the content of each of those links is small. I could have copied their content here but I didn't. My point is: these projects have README files which address your issues, you should always check the README.

Resources