My only complain is:
Compare this lengthy complex 9 step process:
https://docs.sonatype.org/display/Repository/Sonatype+OSS+Maven+Repository+Usage+Guide
with Clojure's main repo:
http://clojars.org/
$ lein pom
$ scp pom.xml mylib.jar clo...@clojars.org:
It would be great if there was a simple way to publish scala libs like this.
--
Tommy Chheng
Agreed. The phrase "dead easy" is one I would love to be able to use
more w.r.t. things like this.
-- Erik
[...] owning domains is something we're going to keep up for safety reasons. Not doing so is asking for developers not to take your releases seriously.
Migrating to a single OSS repo like Sonatype would be great.
My only complain is:
Compare this lengthy complex 9 step process:
https://docs.sonatype.org/display/Repository/Sonatype+OSS+Maven+Repository+Usage+Guide
with Clojure's main repo:
http://clojars.org/
$ lein pom
$ scp pom.xml mylib.jar clo...@clojars.org:
It would be great if there was a simple way to publish scala libs like this.
Github has an api for publishing a user's public key :
http://developer.github.com/v3/users/keys/
maybe a plugin (such as this one : https://github.com/sbt/xsbt-gpg-plugin )
could use the github key to sign the artifacts, it would remove a few steps and a bit of config.
These are ssh keys and usually you use private keys for signing...
--
Johannes
-----------------------------------------------
Johannes Rudolph
http://virtual-void.net
Does the university own the code? If so, did they approve you going open-source? This may be an implicit acknowledgement that you're allowed to use their domain to associate your code with the university.
If they didn't give you any sort of permissions, then (a) you should not have released the library as OSS or (b) *you* own the code and it should be under your domain.
What you're talking of is an issue with OSS and universities. When I was with Johns Hopkins, doing any sort of OSS was a PITA thanks to how many approvals I needed. The solution there was to work on OSS that had nothing to do with work.
The burden here is in namespacing software so that we can have competing versions of things. While I hate money-making-security-rackets, the burden here is as low as I think is practical. Owning domain names is pretty cheap *and* scala-tools.org used to provide its usage to libraries.
Note: The domain you publish to a repository with does not *have* to be the same as the package for your application. I've deviated from this practice in a few core pieces of my software.
I don't think you can query the public keys of other users with the
api. And even if it would be possible we'd still need a solution
compatible with maven IMO.
I don't think the barriers to entry for sonatype are much higher than
with scala-tools. You need
1. register your groupId with sonatype through a well documented process
2. build your artifacts with sbt
3. upload your artifacts with maven (step 7b), this step should be
integrated into sbt as soon as possible
The alleged "9-step" process is mostly the registration with sonatype
which isn't so bad compared to scala-tools.org where if you were
unfortunate you've got a process with an infinite number of steps.
If the homework is done, sbt can even start to check signatures and
we've then got a system which is based on standards, more secure and
not more complicated to use than now.
Yeah, you can put all your repository credentials in a central file
and reference that one.
See here for a complete working sonatype setup:
https://github.com/jrudolph/sbt-dependency-graph/blob/master