Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 1061158

Summary: Maven repo: suspicious files present
Product: [Retired] JBoss BRMS Platform 6 Reporter: Petr Široký <psiroky>
Component: Maven RepositoryAssignee: Petr Kočandrle <pkocandr>
Status: VERIFIED --- QA Contact: Marek Winkler <mwinkler>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0.0CC: kverlaen, pkocandr, rrajasek
Target Milestone: ER3   
Target Release: 6.0.2   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Description Flags
Filtered list of suspicious files. none

Description Petr Široký 2014-02-04 13:07:59 UTC
Description of problem:
The Maven repo contains a great number of suspicious files. For example zips, wars or XSDs.

This issue is related to but is more general, it lists more that just zip and war files.

for up-to-date list of the suspicious files.

Some of the reported issues may be false positives, but IMO at least the war files and some of the zip files should be removed.

Version-Release number of selected component (if applicable):

Comment 2 Rajesh Rajasekaran 2014-02-18 20:58:23 UTC
Now that BZ#1056184 is resolved with ER1 build, can you update this issue with the list of suspicious files that are still present?

Comment 3 Rajesh Rajasekaran 2014-03-20 16:46:48 UTC
A majority of the 'suspicious' files are *-tests.jar and *-tests-sources.jar which are requested to be removed in BZ#1074472 and * and * which are requested to be removed in BZ#1056184 . It would be good to see what remains after those two bz's are addressed.

Comment 4 Petr Široký 2014-03-21 09:34:35 UTC
Created attachment 877182 [details]
Filtered list of suspicious files.

I was kind of waiting for the mentioned BZs to get fixed, so I don't have to do the filtering manually. However since the repo is still not available and I am not sure when it will be, I am attaching the list of 'suspicious' files after removing those from BZ#1074472 and BZ#1056184.

Please note there is still a big number of false positives. If we for example decide to remove all UI related stuff (BZ#1056184) the list is down to 14 "failures".

Comment 6 Petr Kočandrle 2014-03-29 00:01:52 UTC
The files without primary jar seems to be residue after removing war files which they belonged to. The athers will be resolved by exclusion of all files with "xml", "xsd", "jdocbook", "jdocbook-style" and "properties" extensions. Or should some of them stay in the repo?

Comment 7 Petr Široký 2014-03-29 09:11:10 UTC
I guess we can remove the jdocbook and jdocbook-style ones. Not sure about the "xml" and "xsd" files. The XSD might come handy is some cases. But not sure if they should/can be part of the repo.

Just a note:
Suspicious does _not_ necessarily mean they should be removed. It just means they should be looked at and decided if want to remove them or keep them there.

Comment 9 Petr Široký 2014-12-09 00:30:36 UTC
There are still some files reported by wolf-validator, but they all seem to be false positives. I am closing this BZ as the major part (getting rid of zips and wars) was resolved. I will file new BZ for individual artifacts in future.