Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change Maven coordinates #560

Closed
mannodermaus opened this issue Dec 13, 2018 · 9 comments · Fixed by #567
Closed

Change Maven coordinates #560

mannodermaus opened this issue Dec 13, 2018 · 9 comments · Fixed by #567
Assignees
Labels

Comments

@mannodermaus
Copy link
Contributor

mannodermaus commented Dec 13, 2018

We've all seen the recent article about malicious dependencies. Basically, it's very trivial to upload malicious code to jcenter(), which is why it should be at the very bottom of any project's repositories block. For libraries that rely on Jitpack, it's important to list that repository above JCenter.

PermissionsDispatcher lives in the com.github.hotchemi namespace, and we've had issues in the past where people accidentally pulled in from Jitpack, not the JCenter that we provide our artifacts to. (Background: Jitpack will pick up on any group ID starting with com.github, which is a mistake for PD, but Jitpack doesn't know that.) Since this would mean that PD users do need to specify jcenter() first, I would like to propose a change in Maven coordinates going forward to keep everybody safe.

@hotchemi
Copy link
Member

@mannodermaus thank you so much! I basically agree for the proposal:D Could you possibly work on that?

@mannodermaus mannodermaus self-assigned this Dec 14, 2018
@mannodermaus
Copy link
Contributor Author

I'll try to allocate some time this weekend, sure. Now, what do you guys propose the new coordinates should be? Since we don't own any domain for PD, we'd have to find another solution...

@hotchemi
Copy link
Member

org.permissions.dispatcher or org.pd? 🤔

@mannodermaus
Copy link
Contributor Author

mannodermaus commented Dec 15, 2018

How do you feel about these artifacts?

Current Proposal (1) Proposal (2)
com.github.hotchemi:permissionsdispatcher org.permissions.dispatcher:library org.pd:permissionsdispatcher
com.github.hotchemi:permissionsdispatcher-processor org.permissions.dispatcher:processor org.pd:permissionsdispatcher-processor
com.github.hotchemi:permissionsdispatcher-annotation org.permissions.dispatcher:annotation org.pd:permissionsdispatcher-annotation

I prefer the first proposal, it looks more balanced. Also, what do we do about imports? Do we leave the packages where they are now?

@hotchemi
Copy link
Member

hotchemi commented Dec 17, 2018

Hey sorry for the late, after checking other libraries I prefer including library name in artifactId as well(so 2 looks preferable to me)! Like Dagger or Moshi.

https://github.com/google/dagger#android-gradle
https://github.com/square/moshi#codegen

I suppose one of the reason of it is it would be sort of difficult to distinguish on jcenter or bintray website🤔

screen shot 2018-12-17 at 16 24 49

@mannodermaus
Copy link
Contributor Author

Ah, that's true. How about the following then:

Current Proposal (2)
com.github.hotchemi:permissionsdispatcher org.permissions.dispatcher:permissions-dispatcher
com.github.hotchemi:permissionsdispatcher-processor org.permissions.dispatcher:permissions-dispatcher-processor
com.github.hotchemi:permissionsdispatcher-annotation org.permissions.dispatcher:permissions-dispatcher-annotation

@hotchemi
Copy link
Member

LGTM! Seems we have to contact bintray support team so let me handle the issue
https://stackoverflow.com/q/34756204

@hotchemi hotchemi self-assigned this Dec 20, 2018
@hotchemi
Copy link
Member

Created new maven repo
https://bintray.com/hotchemi/org.permissionsdispatcher

@hotchemi
Copy link
Member

We're going to release new artifact after #562 merged!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants