findbugs-annotations icon indicating copy to clipboard operation
findbugs-annotations copied to clipboard

Published 20 hours ago verified publisher icon stephenc

publish 3.0.1-1 release

Open busbey opened this issue 8 years ago • 10 comments

please publish the latest release artifacts in a way that gets them mirrored on maven central.

busbey avatar Aug 03 '16 15:08 busbey

+1 Thank you!

amihalik avatar Oct 13 '16 20:10 amihalik

Hi, is there a reason why the version 3.0.1-1 still does not get published on maven central? This will be indeed very helpful

atanasg avatar Jul 13 '17 12:07 atanasg

It has been almost 2 years since the original issue was created, anything we can do to help to get this out?

iemejia avatar Jun 13 '18 07:06 iemejia

@iemejia well... it's Apache Licensed... you could fork it, and publish it yourself under a different namespace... it would just to be nice to have it being published from @stephenc himself, so we don't add to the clutter on maven central

AFulgens avatar Jul 10 '18 11:07 AFulgens

Last time I checked there were issues with updating because of The use of javax package name for the base annotations without a published JSR

stephenc avatar Jul 10 '18 20:07 stephenc

@stephenc thank for the info, and your efforts. Do I see correctly, that currently the best way of action is cloning this repo and deploying it to a company repository? There you (usually) don't have these kind of restrictions ;)

AFulgens avatar Jul 11 '18 06:07 AFulgens

I think using spotbugs is the way to go.

stephenc avatar Jul 11 '18 06:07 stephenc

https://github.com/spotbugs/spotbugs/tree/release-3.1/spotbugs-annotations though it's LGPL

stephenc avatar Jul 11 '18 06:07 stephenc

The issue, iirc, is that if you are using the 3.0.0 version of this library because you want Apache license, well you are SOoL because to get binary compat, we have to include a dependency on classes that we cannot put an Apache license on.

I need to cross check the latest spotbugs docs to see if they have removed those illegal javax package dependencies (as they are Category X - incompatible with Apache license)... so while in an internal repo you can do whatever you like, the legal effect is still the same... and the only reason to use this library in place of spotbugs is because you need Apache in place of LGPL... and that should be rare (it was the original GPL license that caused issues... plus the presence of this proves late binding substitution is possible, therefore preventing (IANAL) any claim of virality

stephenc avatar Jul 11 '18 06:07 stephenc

Indeed we need to use Apache/BSD-licensed libraries, even if I personally do know that LGPL is not viral, at least in case of Java packages — as you've mentioned earlier, it's less problematic to side step a lawyer than to convince him.

Regarding the release — technically we miss the only thing in the current release @SuppressFBWarnings annotations.

amorozov avatar Apr 15 '21 03:04 amorozov