Bug 1061158 - Maven repo: suspicious files present
Summary: Maven repo: suspicious files present
Status: VERIFIED
Alias: None
Product: JBoss BRMS Platform 6
Classification: Retired
Component: Maven Repository
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ER3
Target Release: 6.0.2
Assignee: Petr Kočandrle
QA Contact: Marek Winkler
Reported: 2014-02-04 13:07 UTC by Petr Široký
Modified: 2019-01-01 02:56 UTC

Doc Type: Bug Fix
Type: Bug


Attachments:
Filtered list of suspicious files. (deleted), 2014-03-21 09:34 UTC, Petr Široký

Description Petr Široký 2014-02-04 13:07:59 UTC
Description of problem:
The Maven repo contains a great number of suspicious files. For example zips, wars or XSDs.

This issue is related to https://bugzilla.redhat.com/show_bug.cgi?id=1056184 but is more general; it lists more than just zip and war files.

See https://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/brms-maven-repo-wolf-validator/lastCompletedBuild/testReport/(root)/SuspiciousFileException/ for an up-to-date list of the suspicious files.

Some of the reported issues may be false positives, but IMO at least the war files and some of the zip files should be removed.


Version-Release number of selected component (if applicable):
6.0.0-CR2

Comment 2 Rajesh Rajasekaran 2014-02-18 20:58:23 UTC
Now that BZ#1056184 is resolved with ER1 build, can you update this issue with the list of suspicious files that are still present?

Comment 3 Rajesh Rajasekaran 2014-03-20 16:46:48 UTC
A majority of the 'suspicious' files are *-tests.jar and *-tests-sources.jar, which are requested to be removed in BZ#1074472, and *-scm-sources.zip and *-patches.zip, which are requested to be removed in BZ#1056184. It would be good to see what remains after those two BZs are addressed.

Comment 4 Petr Široký 2014-03-21 09:34:35 UTC
Created attachment 877182: Filtered list of suspicious files.

I was kind of waiting for the mentioned BZs to get fixed, so I don't have to do the filtering manually. However since the repo is still not available and I am not sure when it will be, I am attaching the list of 'suspicious' files after removing those from BZ#1074472 and BZ#1056184.

Please note there is still a big number of false positives. If we for example decide to remove all UI related stuff (BZ#1056184) the list is down to 14 "failures".

Comment 6 Petr Kočandrle 2014-03-29 00:01:52 UTC
The files without primary jar seem to be residue after removing war files which they belonged to. The others will be resolved by exclusion of all files with "xml", "xsd", "jdocbook", "jdocbook-style" and "properties" extensions. Or should some of them stay in the repo?

Comment 7 Petr Široký 2014-03-29 09:11:10 UTC
I guess we can remove the jdocbook and jdocbook-style ones. Not sure about the "xml" and "xsd" files. The XSD might come in handy in some cases. But not sure if they should/can be part of the repo.

Just a note:
Suspicious does _not_ necessarily mean they should be removed. It just means they should be looked at and it should be decided if we want to remove them or keep them there.

Comment 9 Petr Široký 2014-12-09 00:30:36 UTC
There are still some files reported by wolf-validator, but they all seem to be false positives. I am closing this BZ as the major part (getting rid of zips and wars) was resolved. I will file a new BZ for individual artifacts in the future.
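
The two checks discussed in comments 3 to 7, written out as an added example (not part of the bug report and not wolf-validator's own logic): flag files whose extension is on the review list, and flag classifier artifacts whose version directory has no primary jar. The function names, the `org/example` paths and the review list expressed as a Python set are assumptions for illustration.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Extensions named in the thread as worth a review (zips, wars, plus the
# exclusion list from comment 6). Flagged means "look at it", not "remove it".
REVIEW_EXTENSIONS = {"zip", "war", "xsd", "xml", "properties",
                     "jdocbook", "jdocbook-style"}
CHECKSUM_SUFFIXES = (".sha1", ".md5")
SAMPLE = [  # constructed listing, not taken from the attachment
    "org/example/app/1.0/app-1.0.jar",
    "org/example/app/1.0/app-1.0.jar.sha1",
    "org/example/app/1.0/app-1.0-scm-sources.zip",
    "org/example/web/1.0/web-1.0.pom",
    "org/example/web/1.0/web-1.0-classes.jar",
    "org/example/schema/1.0/schema-1.0.xsd",
    "org/example/app/maven-metadata.xml",
]


def parse_artifact(path):
    """Return (version_dir, classifier, extension), or None if not an artifact."""
    p = PurePosixPath(path)
    if len(p.parts) < 3 or p.name.endswith(CHECKSUM_SUFFIXES):
        return None  # too shallow for the Maven layout, or a checksum side file
    artifact_id, version = p.parts[-3], p.parts[-2]
    prefix = f"{artifact_id}-{version}"
    if not p.name.startswith(prefix):
        return None  # e.g. maven-metadata.xml
    classifier, dot, extension = p.name[len(prefix):].partition(".")
    if not dot or (classifier and not classifier.startswith("-")):
        return None
    return str(p.parent), classifier.lstrip("-"), extension


def review_repo(paths):
    """Return {path: [reasons]} for files a reviewer should look at."""
    by_dir = defaultdict(list)
    for path in paths:
        parsed = parse_artifact(path)
        if parsed:
            by_dir[parsed[0]].append((path, parsed[1], parsed[2]))
    findings = defaultdict(list)
    for entries in by_dir.values():
        has_primary_jar = any(c == "" and e == "jar" for _, c, e in entries)
        for path, classifier, extension in entries:
            if extension in REVIEW_EXTENSIONS:
                findings[path].append(f"extension:{extension}")
            if classifier and not has_primary_jar:
                findings[path].append("no-primary-jar")  # possible residue
    return dict(findings)
```

Calling `review_repo(SAMPLE)` returns the three constructed entries that need a decision; the reasons are kept separate so a reviewer can accept one class (for example XSDs) without silencing the other.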

