Hackers aren’t content enough to infect your laptop, they want your phone. There’s an article over on SecurityNewsDaily that talks about some new Android malware that can take over your phone. Here’s the fun quote:

“The new Android malware disguises itself in fully functional copies of apps, including ―Angry Birds Space,∥ and hides its malicious payload in the string of code at the end of an otherwise genuine JPEG file, Lookout said. This rogue code exploits the GingerBreak vulnerability, a flaw that enables it to gain control of the phone and trick the victim into purchasing apps from illegitimate app stores.”

It looks like Android developers need to start paying more attention to security in general now that Android has exceeded 50% market share in the US market. While this vulnerability isn’t something that is directly addressable with Insight at the moment, but it reminds us that we need to start focusing more on mobile. Since Android development is Java-based, you can immediately benefit from downloading Nexus Professional 2.0 today and making sure that all of your application dependencies are free of known vulnerabilities.

Note: This post references our Security Feed. We maintain a feed of security stories relevant to developers which is isolated from our main blog feed. If you are interested in getting the full feed, read it here.

SQL injection really bugs me. It is almost always the application developer’s fault. Once you notice that a site’s registration form breaks on apostrophes (maybe your last name is Irish) it’s often a sign that you’ll be able to throw in some SQL with that last name.

Penetration testing experts use a tool like Havij: An Advanced SQL Injection Tool. It’s a nice friendly GUI designed to make it easy to “own” an application. Point, click, and compromise. Well, even though the project itself has nothing to do with evil, Cybercriminals are having a love affair with Havij.

My advice: download this tool and get to know it. Start your own love affair with Havij before the bad guys start throwing errant quotes into your form fields. Also don’t think that enterprise languages like Java or .NET are invulnerable to SQL injection attacks. To avoid these attacks, here’s some quick advice:

• Never trust input directly from an HTTP parameter.
• Use some web framework like Tapestry, GWT, or Struts, and make sure that all user input passes through whatever mechanism it is using for input processing and validation. It is very likely that the framework is built to resist SQL injection.
• Use a good ORM or persistence library like iBatis or Hibernate. Again these are just more layers to make sure that your input isn’t going straight into a SQL statement.
• Use Nexus 2.0 Repository Health Check to make sure that your web frameworks and persistence frameworks are up to date.

Note: This post references our Security Feed. We maintain a feed of security stories relevant to developers which is isolated from our main blog feed. If you are interested in getting the full feed, read it here.

This is something of a public service announcement because we know from our site analytics that 14.29% of you are running OSX. If you run OSX 10.6 or higher and Java, take a quick break and upgrade.

In case you missed it there is a vulnerability in Apple’s version of Java that is fueling the rise of what people are calling the Flashback botnet. According to this Computerworld article, this OSX Flashback botnet is at least 600,000 computers strong and the latest variants of the attack “do not require user intervention”. The advice to fix this Mac vulnerability? Last week a Register article stated that “F-Secure advises users to disable Java, which is not needed to visit the vast majority of Web sites, on their Mac.” Right….. disable Java. Something tells me that’s not effective advice for this developer audience.

If you want to protect yourself, follow Apple’s instructions and upgrade Java. If you are running OSX Leopard or earlier, you are out of luck and you should probably either disable Java or upgrade (really, isn’t it time for an upgrade anyway?). This upgrade from Apple will also remove installed malware if you’ve been compromised. Conclusion: Java developers, all of your OSX machines are belong to Flashback. Upgrade now.

Note: This post references our Security Feed. We maintain a feed of security stories relevant to developers which is isolated from our main blog feed. If you are interested in getting the full feed, read it here.

Sonatype’s Charles Gold has just published an article in the ISACA Journal: “Mitigating the Risk of OSS Software”. Here’s an excerpt from his ISACA blog discussing the article:

“[I]t has been reported that up to 80 percent of custom software code created today is assembled from open-source components. Upon closer examination, we see a software supply chain that lacks visibility and control and carries with it some glaring risks. While the industry has been quick to embrace open source for its rapid innovation and its undisputed acquisition cost benefits, it has largely ignored a fundamental problem: there is no update notification infrastructure for open-source components.”

If you are a member of a ISACA, you can read this article in the current issue (Volume 2, 2012) of the Journal. In the full article Gold defines the challenges and risks associated with unmanaged OSS consumption and then defines a series of recommended steps you can take to mitigate these risks.

Gold’s article raises awareness of application-level security within the context of OSS-consumption. Here are two interesting excerpts from the article. The first talks about the disconnect between US-CERT security vulnerabilities and the consumption of artifacts from Central:

“Even when security warnings are posted and easily accessible, they are often overlooked. In March 2009, the US Computer Emergency Readiness Team (US-CERT) and the US National Figure 2—Transitive Dependencies Make It Difficult to Govern Component Usage Institute of Standards and Technology (NIST) issued a warning that the Legion of the Bouncy Castle Java Cryptography API artifact was extremely vulnerable to remote attacks. In January 2011, almost two years later, 1,651 different organizations downloaded the vulnerable version of the artifact from the Central Repository within a single month.”

And, the second addresses the problem of assessing exposure to OSS licenses:

“cutting through the complexity of acquiring and evaluating external components and the associated legal obligations can be difficult and time-consuming. There are multiple types of open-source licenses, each with different terms and conditions that must be met.”

If you are consuming OSS without paying attention to some of the critical issues outlined in this article, you can start today by downloading a trial of Nexus Professional. With Nexus Professional’s Repository Health Check you can keep track of your exposure to both security vulnerabilities and OSS licenses.

I’m pleased to share the results of this year’s Sonatype Open Source Software Development Survey.  We were blown away by the level of participation — more than 2,550 of you took the survey.

Thank you to all of you who contributed your thoughts about your tooling, the components you use, and your organizations’ open source policies (and how you feel about them).    There results are extremely interesting.

Take a look for yourself  (best viewed in  ‘full screen’ mode), let us know what you think, and share with your friends and colleagues.

For those of you who would prefer our survey results as a PDF, here they are: Sonatype Survey Findings

Maven Central has become an increasingly important resource for the development community at large. We’ve put several efforts forward earlier this year to help improve the content quality and to reduce the time required to get artifacts into the repository. These have matured over time and are now automatically validating artifacts. These processes are documented for Maven Projects and 3rd Party Artifacts.

To improve the experience for users in Europe, Sonatype has provisioned a new official repository in the United Kingdom. This is more than a mere mirror of Central, this system is updated in lockstep with the systems here in the US, and is managed and monitored 24×7 by Contegix, the same team watching over the US repositories. The new repository consists of two fully redundant systems running in parallel to provide complete fail-over capacity.

In addition to the new repository, we have taken several steps to improve and further secure Central itself:

• A new system has replaced Central as the inbound processing engine. On this staging system, we can now vet inbound artifacts for quality and other parameters before publishing them to repo1 and Europe. It also serves as a hot standby for the US repository.
• We’ve worked with Contegix to implement additional layered security around the repository machines themselves.
• There is a new Jira project to manage any and all concerns and issues with Central, the Mirrors, Content, etc
• We are working to setup another official Central Repository in Asia soon

The new repository is live at http://uk.maven.org/maven2/ if you’re using a repository manager, just replace references to http://repo1.maven.org/maven2 with the new url. If you’re not, you should be (Whitepapers: Intro to Repository Management / Stages of Repository Adoption), but until you get a repository manager in place, add the following to your settings.xml:

<mirrors> <mirror> <id>uk</id> <mirrorOf>central</mirrorOf> <url>http://uk.maven.org/maven2/</url> </mirror> </mirrors>

Some additional coverage on this topic can be seen at InfoWorld, BusinessWire and InfoQ

Maven 3.0

With Maven 3.x we have made our best attempt to listen to users, find out what they need and want, and make reasonable preparations and plans to fix the problems, implement useful features, and create the integration points for working properly with third-party systems like Nexus and Hudson. While there have been many new feature requests — and we have many new features done or in the works — the number one concern is backward compatibility. Maven 3.x makes an ardent attempt to be 100% backward-compatible with Maven 2.x. All your Maven 2.x builds should work out of the box using 3.x without change to your projects. We simply can’t cause pain to the existing user base. We are very cognizant that even small changes can have a huge impact and so we have tried achieve complete Maven 2.x fidelity with Maven 3.x.

In Maven 3.x we have reduced the number of modules, we have simplified and extracted the artifact resolution system, we have put a performance framework in place, and we have created an enormous set of integration tests for Maven’s core and for many of the core plugins. We are constantly trying to validate core features and core plugins are working properly. We hope with the simplifications that we have made that more people will get involved in the project. We have done some heavy overhauling of many of the internals to make way for future features and I believe Maven 3.x is really the only path forward for Maven. What’s the technique we used to decide on how to plan and work toward the completion of Maven 3.x? A very practical approach to determining an optimal path called desire lines.

Desire Lines

A desire line usually represents the shortest or most easily navigated route between an origin and destination. The width and amount of erosion of the line represents the amount of demand. The term was coined by Gaston Bachelard in his book The Poetics of Space. Desire lines can usually be found as shortcuts where constructed pathways take a circuitous route. A concrete example: the pathways around the Berkeley campus in California. During the early years of Berkeley no pathways were paved. Instead they let inhabitants walk in optimal paths between the buildings and location over a period time to form clear pathways over the grass. Once these pathways had been established they could be paved to make the pathway more permanent. This is very similar to what happened with Maven 2.x. Consider Maven 2.x the pathways marked in the grass. Consider Maven 3.x taking all that learning from Maven 2.x and adopting the optimal form of use and codifying those forms of use i.e. paving the desire lines.

Over the course of hundreds of thousands of people using Maven we have a very good idea of what these optimal pathways look like now. Here are a few examples of some of the things we’ve seen and the things we have to do in order to make these lasting improvements.

Responding to invitations for improvement

There are many things in Maven 2.x that work reasonably well but have some minor flaws which cause irritation:

• Dependency management. How to effectively manage what we will call a target platform (intentionally using the Eclipse nomenclature). It is easy to manage the versions of an applications runtime or its target platform. But what happens when you start pulling in multiple, separately developed target platforms.
• Version specifications and version ranges. Maven’s notion of this is workable, but when it comes to the version specification and ranges it’s time to just defer to OSGi in this regard. What OSGi specifies and what Maven specifies are not wildly different but different enough to cause some problems. We’ll be working on aligning Maven to the version specification of OSGi.
• The way plugins interact with embedded environments was just wrong. We allowed for no support for incremental changes. The result is that in M2Eclipse when you change an individual resource, that individual resource can be processed efficiently and not fire up all of Maven to run the whole build lifecycle. Sorry, but you won’t have time to get a coffee anymore.
• There are slew more, but we’ll save those for other blog entries.

Responding to … being completely wrong

There are some things in Maven 2.x we just didn’t get right and we have to make reparations:

• Composition versus inheritance in the POM. There are some great debugged toolchains like we have in the Apache Organization POM for releasing, but this toolchain is not easily consumable by outside projects because it makes no sense to inherit from the Apache Organization POM for your projects. So how can we make these chunks of debugged combinations of plugins and their associated configuration? We will introduce mixins to help with this. Essentially it will be a POM consisting of plugins and configurations that can be externally parameterized. These mixins will be deployed to a repository and be referenced with a standard coordinate. Basically it will be an intelligent import with validation which will allow composition in your POMs.
• Checking out the whole source tree versus an individual module and parent element versioning. We have always intentionally made projects specify versions in the parent elements. When you check out individual modules this is necessary. But for projects where the whole source tree is checked out, the version of the parent can be inferred and the requirement for specifying the version element in the parent can be removed.
• Clean separation of operations that need to happen at the beginning and end of the lifecycle versus in the lifecycle itself. To make the OSGi integration we created work we needed to get at the projects before the build lifecycle was executed so we added a clear hook before lifecycle execution. What we have done to make OSGi integration work in Maven 3.x is simply not possible in Maven 2.x. We also had a terrible problem with reporting and aggregation because there was no clear point at which the lifecycle was over. Now once the build lifecycle is complete there is a clear hook to get the projects in the reactor so they can be processed easily. Accurate aggregation is now possible.

• Again, there are slew more, but we’ll also save those for other blog entries.

Responding to under-utilization of what exists

Unfortunately there are still a lot of powerful features and plugins in Maven that a lot of people don’t know about. We have tried to remedy this situation with the four books that we constantly update stream, and a stream of blog posts, and the soon to be enterprise Maven users list which will focus on the holistic and systematic use of Maven, M2Eclipse, Nexus and Hudson. We need to do a better job explaining end-to-end best practices for developing, testing, and provisioning software. We also need to do a better job describing some of the incredibly useful plugins we have like the enforcer plugin and the dependency plugin.

But again, our best attempt to show people what is available through the four books that we have:

• Maven: The Definitive Guide
• Repository Management with Nexus
• Developing with Eclipse and Maven
• The Maven Handbook

Here is a picture I always use to illustrate the point that even though something may be sitting directly in front of you, it’s not always immediately obvious unless someone points it out to you. Th is is very much the case where we see users asking us for help with particular use cases and in frequently it’s very easy to answer the question by pointing to a URL. My example is the Fedex logo which was designed to have an arrow being formed between the last two letters of the logo. Quite ingenious but most people I point this out to haven’t notice it.

We are going to try a lot harder to make sure the value that exists is easier to find. I don’t enjoy reading blog posts from unhappy users at all, but I especially don’t like it when I know there is a solution which has been documented somewhere. Those painful situations can be reduced if not eliminated completely.

Backward Compatibility

I can’t stress enough how important backward compatibility is to us. We have done a non-trivial amount of work to pave the way for new capabilities in Maven 3.x while preserving 100% backward compatibility for:

• Maven itself and the behaviour that users expect from the CLI
• Artifact Resolution API
• Plugin API
• Plugin configuration
• Site generation (even though we’ve extracted site/reporting entirely into the maven-site-plugin)

We must ensure that plugins and reports written against the Maven 2.0.x APIs remain viable in 3.0. We don’t want people rewriting their plugins or having to change their projects at all or it will simply be chaos. We simply have too many users and requiring changes will have an enormous human cost so we’ve been slow in announcing Maven 3.x. The version of Maven 3.x you can pull from the Sonatype grid is probably the best version of Maven that has existed but we are still being careful about releasing it. If you want to try it you can find it here.

We must also ensure that POMs of version 4.0.0 are supported in 3.x along with the behavior currently experienced. We will need to make changes to the POM in order to introduce many of the new features so we’ve made the requisite preparation. We are relying heavily on our integrations tests right now but as we move forward the work that Benjamin is doing on the project/model-builder will help us to accommodate different versions of a POM, and different formats we decide to support. The model-builder code has no limitation with respect to formats. We can support XML, or any source that anyone can dream up. These implementations may find use outside of Maven. For example someone might build something with the Maven, JRuby, and Mercury to create a JRuby-based system. The same could be done for Groovy. We already have some examples of this with the Polyglot Maven project we’ve started which will be the topic of a subsequent post.

We have managed to keep almost everything backward compatible and we will go so far as to provide an isolated execution environment that can contain older versions of the plugin API so that everything from the past can continue to work in Maven 3.x. We will not truly be able to do this until we change the internal Maven runtime over to OSGi but we know what needs to be done.

Integration Testing

An enormous amount of time and energy has gone into improving the the integration tests for Maven. The integration tests are the gatekeeper and let us determine that we have a Maven 3.x that is compatible for Maven 2.x. We now have 506 integration tests that will help protect us as we move forward. We will likely approach 600 integration tests by the time we reach the Maven 3.0 GA.

All core Maven plugins now have ITs and we have started branching out into the Mojo project to create plugin ITs there as well. We have a good pattern so we are encouraging anyone writing a Maven plugin to create ITs so that we can help ensure we don’t break people in the future. We have really taken fixing the problems we see seriously. I couldn’t help but make a little spoof of the SNL skit and adapting it for the Maven perspective.

In the next post I will start talking about some of the technical changes we have made to Maven 3.x in order to achieve our goals. Those will include:

• Refactored model/project builder (the support Polyglot Maven uses)
• Queryable lifecycle
• Lifecycle Extension points
• Error and integrity reporting
• Mercury: Jetty Client & SAT4J
• Embedding
• Incremental build support (used heavily in M2Eclipse for performance improvements, these are changes to the plugin API)

I plan to try and write something about Maven 3.x frequently in preparation for the Maven 3.x talks in Stockholm, Dusseldorf, Cologne, and Devoxx.

Stay tuned!

The Nexus Professional 1.4 release offers a wide array of features

• Proxy Repository Browsing – With Nexus 1.4, the local cache and logical index views have been separated into separate tabs. We found that the previous single tab with a combo box to select the source was confusing.
• Publishing Web Sites to Nexus Professional – Nexus Professional 1.4 provides you with a WebDAV endpoint for publishing a web site. You can configure a Site repository that can be used as a publishing destination for project documentation. This means you don’t have to worry about providing some alternate solution to host your reports. The full support of Nexus security applies to this new type of repository, so you can control access at a very fine grained level.
• Repository Configuration Changes
  • Fine-grained control of Redeployment for Hosted Repositories: Nexus 1.4 provides administrators a simplied way to control how a hosted repository deals with the redeployment of artifacts. You can configure a repository to allow for the redeployment of previously deployed artifacts, allow for one-time deployment, or to provide a read-only interface for clients.
• Improvements to the Staging Plugin – The staging plugin had numerous improvements in the 1.4 release to increase usability and provide new functions for staging artifact bundle and verifying that staging repositories follow user configurable rule sets.
  • Support for Staging Rulesets: Nexus Professional 1.4 provides administrators with the ability to define a set of rules to apply to staging repositories before they can be promoted. The 1.4 release can validate that staging repositories contain valid POMs, valid PGP signatures, javadocs, and sources for all artifacts. The rules are pluggable and we expect to add more rules in the near future to support the Apache repository and our OSS hosting repository
  • Support for Uploading Artifact Bundles: The staging plugin now accepts artifact bundle uploads. Artifact bundles are archives which contain one or more associated artifacts, they are used to publish artifacts to the Central Maven repository, and you can use Artifact bundles to validate artifacts uploaded to Nexus.
  • General Usability Improvements in the Staging Plugin: This release of the Staging plugin focused on usability, the Staging plugin is full of improvements that make the user interface more intuitive and easier to use.
• User Account Plugin – The User Account Plugin in Nexus Professional gives unauthenticated Nexus users the ability to sign-up for a Nexus account. When this feature is enabled, a new user would click a sign-up link, fill out a simple profile form, read a captcha, and then activate a new account via an email confirmation message. Nexus Administrators can configure the default roles and permissions that are granted to newly signed up users.
• Repository Summary Panel – The repository summary panel provides statistics and configuration information for a specific repository. Users can consult the repository summary panel to gather the necessary distribution management settings for Maven configuration.
• Security Improvements – Many improvements to the user security model. In general, it is now easier to configure custom role mappings for externally managed users, and Sonatype has paid close attention to the user interface for managing users and roles. It is easier than ever to configure and secure a Nexus repository.
  • New User Role Tree: Click on a user and then click on the user role tree to see how each role contributes to the permissions for a particular user.
  • New User Privilege Trace feature: this features allows Nexus administrators to pinpoint which roles contribute which permissions to a particular user. While the user role tree provides an intuitive interface that lists role in a hierarchy, the privilege trace panel under user administration provides an alternate view. Click on a particular permission to find the roles contribute that permission to a user.
  • New Role Tree: Since a Nexus role can consist of both roles and privileges, we’ve provided an intuitive tree browser that allows an administrator to browse the hierarchy of roles and privileges associated with a Nexus Role.
  • Fine-grained control of View Repository Privilege: Nexus added the ability to configure a role to prevent users from browsing particular repositories. This is used to provide a cleaner view to users, for example to show them only groups they use via Maven and not confuse them with all the repositories aggregated by that group.
• Integration with Atlassian Crowd – Atlassian Crowd is a capable user and directory management system that can consolidate authorization and authentication to a central server. Nexus Professional’s Atlassian Crowd plugin provides seamless integration between Nexus and Atlassian’s Crowd server.
• Automated Nexus Error Reporting – Nexus 1.4 ships with an automated error repository system which can be configured to report Nexus exceptions and errors to the Nexus Issue Tracker. If configured, the system will send data to Sonatype’s Jira instance. The information contained includes the configuration (all passwords are obfuscated) as well as a file list of the repositories and exception traces. All of this data is encrypted using public-key cryptography so only Sonatype can view the contents. We expect that this information will allow us to further refine the stability of Nexus.
• Upgrades to the Nexus Book
  • A new chapter on Nexus Best Practices.
  • A new chapter on publishing web sites to Nexus.
  • Over 100 corrections and clarifications.
  • Over 80 new figures and diagrams.
  • Addition of a New Nexus Book Cover with the Nexus Logo
  

Mountain View, CA–September 15, 2009–Chariot Solutions and Sonatype are jointly announcing the fifth annual Emerging Technologies for the Enterprise Conference and Sonatype Maven Meetup, to be held at the Sheraton Society Hill in downtown Philadelphia. The two events will be held consecutively, with Sonatype Maven Meetup opening its doors on April 6th, followed by the Emerging Technologies Conference on April 7-8.

Sonatype Maven Meetup will focus on technologies centered around development infrastructure, offering talks and workshops led by core contributors and package maintainers. Sessions in two tracks will cover tools as the Apache Maven build and release manager, Hudson continuous integration engine, Nexus repository manager, Sonar quality server and other technologies widely used by software developers around the world.

Read more

Welcome to the weekly roundup of blogs and tweets that mention Nexus, Maven, and other projects that Sonatype developers contribute to.

Blogs

Vaadin blog: Vaadin 6.1 goes to Maven and adds Google App Engine support “It is now easy for Maven users to enhance their web projects with Vaadin user interfaces. The latest 6.1 version of the Vaadin Java web library is now available also for Maven users, via the Maven central repository.” by Sami Ekblad September 10, 2009 9:34 AM

The Lazy Dev: Wicket Stuff Core – Maven2 generated site “Maven2 has a power site generation tool. I cannot find this on the web for wicketstuff-core so I checked out the whole svn trunk and generated it on my machine. First news, it worked perfeclty Second, the generated site is very helpful in understanding what stuff are available for wicket.” by Daniele Dellafiore on September 9, 2009

The Lazy Dev: Use update-alternatives to upgrade maven installation on Ubuntu “Use debian update-alternatives to easily swith from different version of the same program you have installed on your machine. Or, more frequently, just to switch to a new version in a fast and clean way. Let’s make a simple example with maven.” by Daniele Dellafiore on September 2, 2009

Stash’s Development: Playing with Scala and Maven “Recently, I’ve taken up an interest in Scala and wanted to try it out with Maven. Luckily, people have already blazed this path for us by developing a Scala plugin for Maven. In this post, writing as I go, I’m going to play with what we can do with this plugin to get started.” by John Prystash on Sunday, August 23, 2009 at 1:40 PM

Next Presso: WTP + M2eclipse + Seam : Maven works! “Lucky me ! It’s only now that I need that one of my Seam project works with Eclipse WTP and Maven. Lucky because a few months ago, that tutorial would have been impossible to write. This article will show how to adapt a JEE5 project in order to make it usable with Eclipse WTP and Maven.” by Antoine Sabot-Durand on June 29th, 2009

JetBrains Zone: How to use Intellij IDEA and Maven 2 together for debugging and context help “Latest version of Intellij IDEA has excellent integration with Maven 2. I want to explain one tip that could help you to gain productivity.” by Alexander Shvets on Mon, 2008/02/11 – 11:22am

Tweets

neotyk: Advice for #Maven #MOJO #Plexus users, try sticking to defaults. Will save you lots of time. Tuesday, September 15th at 14:51:22

david_horwitz: learning to love the maven assembly plugin Tuesday, September 15th at 14:40:52

aheritier: +1 RT @jvanzyl:The Loving Iron Fist of Maven. The Enforcer Plugin is probably the most under utilized plugins there is: http://bit.ly/23mL5 Tuesday, September 15th at 14:37:03

SciComp: pf9 [maven-release-plugin] copy for tag sns-translation-client/2.13.3 http://tinyurl.com/TSchg/4334 Tuesday, September 15th at 13:58:32

mentby: How do you release your projects? #maven http://bit.ly/1COTwe Tuesday, September 15th at 13:05:53

evenisse: Useful Maven Plugins: Part 2 http://bit.ly/itG68 Tuesday, September 15th at 13:05:50

antoine_sd: @jlrigau thanks for RT #WTP #M2eclipse #Seam #Maven http://bit.ly/E4ZN5 Tuesday, September 15th at 08:08:35

bubbl_scala: Running Scala specs tests in Maven with JUnit 4 – mccv http://ff.im/-88qza Tuesday, September 15th at 05:56:16

aikisteve: Gonna put Maven into the project today. And then test the deploy on a local server. Hope it works out like a charm Tuesday, September 15th at 05:28:01

kevinSuttle: @bpanulla I like to write Ant Tasks by hand (at least at first). Does Maven offer something better as far as GIT integration? #n00b Tuesday, September 15th at 05:20:30

virtualandy: Silly question – do I have to download the GMaven src & build? Or is there a .jar that I just can’t seem to find on codehaus? #groovy #maven Tuesday, September 15th at 03:17:25

yyamano: Should we use http://repo1.maven.org/maven2/org/apache/velocity/velocity/ instead? Tuesday, September 15th at 01:41:10

steffeng: Impressed by apache http://hudson.zones.apache.org/ and sonatype https://grid.sonatype.org/ci/ continuous builds. Sort of entertaining. Monday, September 14th at 22:43:12

stuartsierra: Built custom #clojure #maven plugin with REPL & non-submodule #swank http://bit.ly/yil7g Monday, September 14th at 21:58:31

stuartsierra: Building parent #maven POMs for AltLaw.org, custom builds of #swank #clojure #hadoaop Monday, September 14th at 21:13:09

avinashmeetoo: Maven: The Definitive Guide | Sonatype: Maven and Nexus: Enterprise build and release management http://ff.im/-86QFt Monday, September 14th at 19:04:27

thierry_n: Today I had the opportunity to use the scope “import” introduced in #maven 2.0.9… Useful … Monday, September 14th at 18:41:02

AntonKronseder: Stumbled over a nice trick to disable an inherited #maven plugin: add a plugin element with an execution for pahse ‘none’. Works great. Monday, September 14th at 16:47:59

Steve_Oakley_: is looking for a snr J2EE developer for large co’ in NL. Fixed location. Websphere, Junit, Maven and Flex. Contact me to discuss or refer? Monday, September 14th at 15:56:11

SciComp: pf9 [maven-release-plugin] prepare for next development iteration http://tinyurl.com/TSchg/4328 Monday, September 14th at 15:52:05

fmcypriano: @graemerocher What changed in maven plugin 1.1? Is it working with Grails 1.2? Monday, September 14th at 15:24:31

graemerocher: Done releasing version 1.1 of the Maven Grails plugin. Will take a little while for it to propagate to the central repo I guess. #grails Monday, September 14th at 15:16:07

jlrigau: Good article (fr/en): #WTP + #M2eclipse + #Seam : c’est bien #Maven ! « Next Presso http://bit.ly/E4ZN5 Monday, September 14th at 15:18:50

jlrigau: Very usefull for #Maven users: Sonatype Nexus Maven Repository Manager http://bit.ly/tS6hL Monday, September 14th at 15:38:51

bfhall: Maven profiles rock! Lots of power and relatively easy to use. Monday, September 14th at 15:00:22

munkius: @larsvonk then go for a parent pom. You can check apache maven artifacts for an example. In the parent you can include shared dep’s & stuff Monday, September 14th at 14:22:49

peter_pilgrim: RT @jvanzyl: I’ll be at Skills Matter tonight giving a talk on Maven, M2Eclipse, Nexus and Hudson: http://bit.ly/27Z5YL (Jason Best Luck!) Monday, September 14th at 14:07:16

prauber: what is the advantage of maven? it downloads all dependencies itself. what is the disadvantage of maven? it downloads dependencies itself. Monday, September 14th at 12:46:32

munkius: @larsvonk check out nexus as a maven repository manager. You can auto-feed this by your ci-system Monday, September 14th at 12:34:54

alblue: RT @benoitx @jvanzyl Looking forward to the Maven talk tonight at #skillmatters <<< wish I could be there, hope it goes well Monday, September 14th at 11:56:38

antony: RT @graemerocher: Working on releasing the 1.1 version of the Grails maven plugin to the Codehaus repos <– My hero Monday, September 14th at 11:09:26

javatv: #java New video: Using the Naked Objects 4.0 Maven Archetype http://bit.ly/12a19a Monday, September 14th at 10:54:41

graemerocher: Working on releasing the 1.1 version of the Grails maven plugin to the Codehaus repos Monday, September 14th at 10:52:15

jvanzyl: I’ll be at Skills Matter tonight giving a talk on Maven, M2Eclipse, Nexus and Hudson: http://bit.ly/27Z5YL Monday, September 14th at 10:36:53

delicious50: M2Eclipse: Home http://bit.ly/gSvGd eclipse maven plugin Monday, September 14th at 10:23:06

jneira: M2Eclipse: maven plugin for Eclipse Home http://tinyurl.com/mepnhz Monday, September 14th at 10:22:42

olivergierke: Btw. probably was unfair to @m2eclipse… They moved to jira.sonatype.org… Was really hard to find out at the old Codehaus one… Monday, September 14th at 09:31:46

erani01: Searching how to build custom package with Maven Monday, September 14th at 07:20:49

anpieber: couldnt there be a forced guidline for apache projects to use maven?!?!? Tried to build ode; buldr… hurray yet another build tool… Monday, September 14th at 07:23:27

nerdgerl: playing round with clover – trying to get it to work with multi-module maven project Monday, September 14th at 06:58:17

dirmgr: Just released UnboundID LDAP SDK for Java 1.1.0. Includes LGPLv2.1, Maven & OSGi support, and more. http://tinyurl.com/kukzkb Monday, September 14th at 06:45:18

mediaslave: #Scala and #Lift are nice. Like the frameworks they use, blueprint, jquery, etc. Plus jvm and maven integration. need to explore them more Monday, September 14th at 05:56:39

i386: now @zhasper and I are configuring the maven-compiler-plugin together. This is true love, people. Build love. Monday, September 14th at 04:58:47 – Reply – Retweet – View

i386: I cant beleive im helping @zhasper with Maven Monday, September 14th at 04:50:35

omargomez: Happen to be doing a compiler with ANTLR. Netbeans+Maven+ANTLR is just fantastic. Anyone knows a better tool? (even if not Java based) Monday, September 14th at 04:32:36

miztylaneous: brought Maven to work today. XD Monday, September 14th at 04:08:33

mwhooker: wow, Maven is actually kind of enjoyable to watch work Monday, September 14th at 03:51:05

Georg_Tavonius: I did it! Finally, I got NetBeans, Maven and Scala to work together and rendered my first website using Scala in the backend. #scala #maven Sunday, September 13th at 21:49:38

timperrett: Just finished refactoring a legacy project into Maven – despite its foibles its still miles better than Ant or plain ol’ Eclipse Sunday, September 13th at 20:18:41

burkewebster: Working on a Maven plugin for JsTestDriver Sunday, September 13th at 14:41:47

Exmatrikulant: Watching some presentations on slideshare. Topics: Maven, Ant, Nexus, Hibernate Sunday, September 13th at 14:21:19

timdrury: setting up Hudson, maven, and maven repo to build some tools, plugins used in SAP ME Sunday, September 13th at 13:58:54

flying_gramma: http://tinyurl.com/qwcyqm How to use Intellij IDEA and Maven 2 together for debugging and context help | JetBrains Zone Sunday, September 13th at 10:05:10

gdickens: Is there any way to generate a maven pom file from a project in Eclipse or IntelliJ #maven #eclipse #intellij Sunday, September 13th at 15:30:04

acdog: [yescache] http://bit.ly/11HHlM Artie Copeland – fixed terracotta caches to support terracotta 3.1.0 updated to use oss.sonatype.org ren … Sunday, September 13th at 01:05:17

marktakala: Much of the OSGi metadata drudgery is relieved by Maven plugins, some written for Apache Felix OSGi container; others are provided by Sling Saturday, September 12th at 21:14:28

onekilo79: parallel junit 4.7 via maven and spring 3.0 http://bit.ly/1aeadv hopefully will be included in future releases Saturday, September 12th at 21:13:38

game_flash: Continuous Integration with Maven, Flex, Fliunt, and Hudson http://bit.ly/3Q4DBY Saturday, September 12th at 19:43:32

blojsomdev: r3720 provides the upgrade utility as a maven project. Need to push some snapshots to the #artifactory repos before you can use it. Saturday, September 12th at 16:16:52

acdog: [yeslib] http://bit.ly/1ZWhEI Artie Copeland – added oss.sonatype.org repo Saturday, September 12th at 14:03:28

davecheney: Playing with maven and github, http://bit.ly/1zGmAc Saturday, September 12th at 06:20:04

kevinmook: Complete Google App Engine + Lift + Maven project zipped up (Eclipse friendly): http://bit.ly/2x7lKy Saturday, September 12th at 05:09:03

JavaChilly: O’reilly to the rescue: Maven, Dojo, Javascript definitive guides AND Practical Perforce. Reference at hand –check! Saturday, September 12th at 01:37:27

acdog: [jmlnitrate] http://bit.ly/Ncc74 yestech – added gpg and other pom artifacts so it can be relesed to oss.sonatype.org Saturday, September 12th at 06:53:10

rpanachi: #maven funciona mas é muito complicado. hora de mudar para #buildr http://buildr.apache.org/ Friday, September 11th at 18:51:16

nwkr: @kbrazulewicz : One of the #Atlassian #Maven servers provides invalid data. My solution may be also proper for #Confluence. www.tiny.pl/hqgwt Friday, September 11th at 15:09:24

AntholoJ: looks like am starting to <3 #maven thanks for the good #netbeans integration Friday, September 11th at 13:01:09

krimple: For my own reference as well, #flexmojos information #flex https://docs.sonatype.org/display/FLEXMOJOS/Home Friday, September 11th at 12:30:01

joonaslehtinen: #Vaadin + #Maven & #Vaadin + Google #AppEngine micro-howtos: http://tinyurl.com/nsypfr Friday, September 11th at 10:30:56

jvanzyl: People really like the Sonatype FlexMojos project: http://bit.ly/SNXuc Friday, September 11th at 09:05:10

jfiset: @scott_lowe We’re about to implement Flex-10, #nexus, and NetApp for vSphere over the next few weeks. should be fun. Thursday, September 10th at 23:29:38

Han_Cholo: Got #Nexus and half way through with #Hudson. Thursday, September 10th at 22:14:27

Han_Cholo: Installing #Nexus and #Hudson. Thanks @scottawilliams for the help on getting started. Thursday, September 10th at 18:26:38

nwkr: in #IntelliJ IDEA CTRL+SHIFT+F9 in debug mode is very useful while developing a #JIRA plugin. No need for rebuilding whole #Maven project. Thursday, September 10th at 17:23:00

neotyk: RT @stuartsierra: #maven enabled swank #clojure fork http://bit.ly/3mY3OT Thursday, September 10th at 16:37:19

vincentkok: @stuq just tried this one: http://m2eclipse.sonatype.org/ and you should have a look at SpringSource #sts too Thursday, September 10th at 12:17:43

karianna: Battling various #Maven plugins – really annoying when you see issues fixed but no-one merges the patches in Thursday, September 10th at 11:47:09

brettporter: @cziegeler are you sure? OS X version 10.5.8 and 10.6.0 both install #maven 2.0.9 here Thursday, September 10th at 11:33:59

talios: #maven enforcer rule API looks simple enough I should be able to solve my needs easily if theres no third-party rules. Thursday, September 10th at 10:29:18

coffeecoders: Read #Maven: The Definitive Guide online or download the PDF for free (English,German and Chinese) @http://tr.im/yk3B #props to sonatype Thursday, September 10th at 09:07:12

ildella: Upgrade #maven on Ubuntu: http://bit.ly/3udpWJ Thursday, September 10th at 08:35:47

vishwajeets: @mrdonbrown thanks for your support I have only one small concern that docs should stress more on using atlas wrapper commands for maven Thursday, September 10th at 07:52:49

cambo_sareuon: @leejava If you want to know more about Maven go to http://bit.ly/xgZ9H Thursday, September 10th at 03:55:47

bubbl_scala: Stash’s Development: Playing with Scala and Maven http://ff.im/-7RVqf Thursday, September 10th at 02:36:37

brettporter: if you’re looking to fail a build, you’ll want to use the Maven PMD plugin and write a rule for it. Thursday, September 10th at 01:00:25

steffeng: Having fun with #hudson’s #maven integration internals. Anybody using hudson with maven > 2.1.0? I need a hand: http://is.gd/35HIy Thursday, September 10th at 00:09:53

talios: lazyweb – Is there an Apache Maven plugin to fail a build a certain codefragment/constructor is called? I know aspectj has something… Thursday, September 10th at 00:05:56

stuartsierra: Wrestling with #maven #clojure #hadoop http://bit.ly/2UAW6H Wednesday, September 9th at 22:12:38

stuartsierra: #maven enabled swank #clojure fork http://bit.ly/3mY3OT Wednesday, September 9th at 15:11:07

rystraum: is checking out apache #archive, #maven and #continuum. Wednesday, September 9th at 13:33:18

dsonpatricio: #maven: Pulando testes na hora de uma instalação de emergência: http://bit.ly/28vuOd Wednesday, September 9th at 13:33:14

giovanninappi: #Maven me place sempre plus… Anque si io non ha ancora trovate alcun guida vermente complete de nivello base Wednesday, September 9th at 09:16:57

devylon: RT @stuartsierra Updated #hadoop #maven POMs http://bit.ly/18BETG Wednesday, September 9th at 07:46:49

somkiat: mvn war:war =>export war file #maven Wednesday, September 9th at 07:43:15

Tunaranch: /me thinks #maven should stop using -SNAPSHOT plugins by default… Wednesday, September 9th at 04:39:16

itdnext: learning how to use #maven and enjoying it. Wednesday, September 9th at 01:50:20