glassfishrobot

@ggam Commented After chatting with Arjan, we came to the conclusion that there is not enough consensus on my approach to spec anything around it givem the time constraints we...

@wmhopkins Commented This seems reasonable to me, if there is consensus from the other folks in this thread. What's left here that's actionable? Is there work to do in Soteria...

@wmhopkins Commented Deferring this to the "Futures" milestone, as the current proposal only handles explicit _Expression_ attributes, and thus leads to inconsistent treatment/validation between _Expression_ and non-_Expression_ attributes. It seems...

* **Issue Imported From:** https://github.com/javaee/security-soteria/issues/131 * **Original Issue Raised By:**@wmhopkins * **Original Issue Assigned To:** @wmhopkins

@arjantijms Commented >The when deploying soteria, all test artifacts are pushed to the repository along with the jarfile, sources, and javadoc artifacts. This was originally proposed by Oracle employee Manfred...

@wmhopkins Commented The following issues are fixed in 2f51c3e: - Brittle dependency on API. This is still hard-coded, and will need to be updated when new versions of the API...

@wmhopkins Commented The following stackoverflow thread describes how to filter the modules that are deployed: [is-it-possible-to-filter-artifacts-in-maven-release-plugin](https://stackoverflow.com/questions/30869477/is-it-possible-to-filter-artifacts-in-maven-release-plugin).

@arjantijms Commented >Haven't yet found a good way to build just the impl project for release. It does seem I could do a prepare, then script commands to manually check...

@wmhopkins Commented Yes, I'd seen the earlier comment. I understand the POV, and it may make sense to continue publishing tests for snapshots, but I really don't see the need...

@arjantijms Commented Publishing the tests along with the RI makes it very easy for anyone to run the tests without having to worry about building. So if a challenge comes...