Re: Jenkins jobs: maven-3.8 as default

Home Messages Hashtags Subgroups

Anil Belur #13986 +1 on moving to mvn38. Cheers, Anil toggle quoted message Show quoted text On Wed, Nov 24, 2021 at 10:43 PM Robert Varga <nite@...> wrote: Hello TSC members, during infrastructure-side preparation for odlparent-10's requirement of maven-3.8+ in Sulfur, we have discovered an issue with our current JJB setup. It essentially means that attempts to override job group definitions' use of maven-3.5 are fruitless. After sparing a bit with Anil on Slack, we have concluded that the cleanest solution is to: - set our default to mvn38 - remove all current overrides of this default This would result in all our jobs using maven-3.8, including Silicon and Phosphorus. This change is purely in our build infrastructure and nothing changes in terms of the ability to build Silicon/Phosphorus projects with maven-3.5+. In terms of compatibility, I have been using maven-3.8.2+ for all local builds for a couple of months now and experienced no issues at all. There is another angle to this, which is that maven-3.8.1 is a security, as detailed here: https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2020-13956 https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291 Hence we would like to merge https://git.opendaylight.org/gerrit/c/releng/builder/+/98646 and follow that up with a cleanup of superfluous mvn-version directives. Are there any objections to this plan of action? Thanks, Robert
More All Messages By This Member

Join {TSC@lists.opendaylight.org to automatically receive all group messages.