OSSRH Sunset Announcement: The OSSRH service will reach end-of-life on June 30th, 2025
The Central Repository DocumentationOSSRH Sunset Announcement
#MavenCentral
0 posts0 participants0 posts today
I'm trying to build an abandoned #Android app. One can learn quite a lot about that source code and build scripts are not enough to build a piece of software. It's also tools and dependencies. #Gradle seems to do braking changes from time to time and why did people push to #jcentral instead of #MavenCentral ? If one tries to build the dependency the same problem pops up again...
High load of maven central servers.
https://www.sonatype.com/blog/maven-central-and-the-tragedy-of-the-commons
#java #maven #MavenCentral
www.sonatype.comMaven Central and the tragedy of the commonsMaven Central is experiencing a tragedy of the commons situation in which 83% of its total bandwidth is being consumed by just 1% of the IP addresses.
Maven Central Search 0.6.3 has been released. Use mcs to quickly lookup dependency coordinates in Maven Central, without having to switch to your browser.
#java #maven #mavencentral #search
https://github.com/mthmulders/mcs/releases/tag/v0.6.3?utm_medium=erik.in&utm_source=mastodon
GitHubRelease Release v0.6.3 · mthmulders/mcsChangelog
🧰 Tasks
267f081 Releasing version 0.6.3
aa243cd Revert release of 0.6.3
729ce34 Releasing version 0.6.3
6ae5f0c Bump org.pitest:pitest-maven from 1.15.8 to 1.16.0 (#351), closes #351
ecc...
I wish the #AndroidSDK team would follow repository best practices and stop silently reissuing binary releases under the same name/version. #MavenCentral does not allow this, for example. The #FDroid transparency log shows the newest violation: two version of sources-34_r01.zip with the file name, version code, and metadata.
GitLabchecksums.json · e7bf63a1ad3327e3e3115bfc0852c8cc8ddac067 · F-Droid / android-sdk-transparency-log · GitLabA "binary transparency" log of the Android SDK binaries, as published on https://dl.google.com/android/repository
#hugops to #mavencentral I've never seen publishing go down.
Replied in thread
@dreo @OpenRefine our implementation is not really designed to be called externally, but it does happen to be published on #MavenCentral as a Java library that could be reused (https://central.sonatype.com/artifact/org.openrefine/main). That being said this artifact contains a lot more than GREL so it will pull in many dependencies. We are working on modularizing our code base better and having a specific artifact for #GREL.
Maven CentralMaven Central: org.openrefine:mainDiscover main in the org.openrefine namespace. Explore metadata, contributors, the Maven POM file, and more.
New #JCON2023 
This talk is intended to give you the background into the history of #Maven Central, explain why Sonatype, who are the stewards of Maven Central, provide such a critical service, & what our philosophy is for dealing with problematic content. We’ll also explore how the service works...
Watch his video now: https://www.youtube.com/watch?v=0A53s8ktN0M&list=PLFeSAZzYdUociSvSvXHoCM4TDEgvG4AZt&index=1
#DevOps #OpenSource
New #JCON2023
This talk is intended to give you the background into the history of #Maven Central, explain why Sonatype, who are the stewards of Maven Central, provide such a critical service, & what our philosophy is for dealing with problematic content. We’ll also explore how the service works...
Watch his video now: https://www.youtube.com/watch?v=0A53s8ktN0M&list=PLFeSAZzYdUociSvSvXHoCM4TDEgvG4AZt&index=1
#DevOps #OpenSource
Replied in thread
@danb @webmink @fdroidorg We have some automated scans for license changes, but we always appreciate when people let us know when they see something. We have a harder problem than say Debian since #Android apps are basically all built using dependencies from #MavenCentral, which doesn't enforce that things published there are #FLOSS. https://f-droid.org/2022/07/22/maven-central.html
f-droid.orgMaven Central is not as free as it looks | F-Droid - Free and Open Source Android App RepositoryF-Droid is always commited to distribute FOSS Android apps. Building freesoftware from source for Android comes with a different set of challengesfrom GNU/Li...
Since #jcenter is now redirecting to #mavenCentral, some people have asked us about older versions of #grolifant being made available.
If you are still dependent on a on older version than 1.0.0 and you cannot upgrade, you can ping us and we'll see what we can do.
Priority will be given to FLOSS projects and will be done on a best-effort basis.
If you are commercially dependent on this, you should consider donating to the Patreon account, so that we can maybe pay a volunteer to do the work.
Your Java App is Vulnerable! Save yourself from transitive vulnerabilities. TuxCare is working on a SecureChain repository for Java.
Just a heads-up: Our #Mastodon client library project for #Java and #Kotlin will be renamed from #BigBone to #Sabertoot within the next week. Existing snapshots of #BigBone will stay on #MavenCentral for a while but there will be no more updates. More details will follow soon.
https://github.com/andregasser/bigbone
GitHubGitHub - andregasser/bigbone: BigBone - A Mastodon Client Library for Java and KotlinBigBone - A Mastodon Client Library for Java and Kotlin - andregasser/bigbone
Hurray for @danjconn of #Sonatype, new Foojay 
author (join in, everyone is welcome!) with the third part of the #sbom series from the team that brings you #MavenCentral and more!
https://foojay.io/today/making-sboms-threats-and-modelling-them-a-piece-of-cake/
foojayMaking SBOMs, Threats, and Modelling Them a Piece of Cake!The third article in a series on SBOMs, software supply chains, the government and you, introducing threat modelling and tools to help!
Just published 1.8 version of #GPX files reader and writer into #MavenCentral. Written in #Kotlin, with no dependencies https://github.com/bvn13/GpxAndroidSdk - it is not only for #Android. Works on #Java as well. The current update brings a compatibility with #OsmAnd GPX files.
GitHubGitHub - bvn13/GpxAndroidSdk: Android (Kotlin) SDK for manipulating GPX filesAndroid (Kotlin) SDK for manipulating GPX files. Contribute to bvn13/GpxAndroidSdk development by creating an account on GitHub.
#MavenCentral is essential in #Android and #Java but wow is it confusing to get started putting releases up there. I guess I don't think like Java devs. I wrote up a quick HOWTO about how I manage to do it: https://gitlab.com/-/snippets/2482490
GitLabUploading to Maven Central ($2482490) · Snippets · Snippets · GitLabGitLab.com
#Decentralized #software repository systems like #npm #maven #rubygems #pypi etc have key issues that make them hard to decentralize properly: solid verification is optional, one repo can override packages from another, and the tooling makes it hard to see which repo was actually used. #MavenCentral has additional measures which make it more trustworthy, but if devs add repos, those can still override it. #Gradle verification helps a lot when using Maven repos but does not solve everything 1/2
Some updates regarding the #Bigbone #Java / #Kotlin client library for #Mastodon: Artifact deployment to #SonaType #MavenCentral is mostly ready (PR to be created), update from RxJava 2 to latest 3.1.5 done as well. Plus further API cleanups done. Big thanks to @factotum for his contributions so far! Release 2.0.0 is getting closer! https://github.com/andregasser/bigbone
GitHubGitHub - andregasser/bigbone: BigBone - A Mastodon Client Library for Java and KotlinBigBone - A Mastodon Client Library for Java and Kotlin - andregasser/bigbone