Replace JCenter with OSSRH #967

@kdavisk6

Proposal

JCenter is great; however, its process for syncing to Maven Central can be cumbersome and is difficult to automate, as our most recent attempts to release have shown. I would like to propose that we deploy our snapshots and releases to OSSRH instead.

Benefits

  • Signed artifacts prevent accidental or intentional package hijacking; see A Confusing Dependency
  • Automatic synchronization of releases to Central
  • Easily add and remove authors by working with Sonatype. In JCenter, only the owner of the package can manage the process.

Drawbacks

  • Artifacts must be signed by one of the approved developers.
  • JCenter users will need to wait for JCenter to mirror new releases.
  • Onboarding process for new maintainers will be longer, due to signing requirements.

I feel that the benefits of moving to OSSRH outweigh the drawbacks of leaving JCenter, specifically when it comes to the risks of fraudulent packages alone.

Labels: enhancement, proposal
