Bug 581770 - ssh: Update to Apache MINA sshd 2.10.0
Status: RESOLVED FIXED
Alias: None
Product: JGit
Classification: Technology
Component: JGit
Version: unspecified
Hardware: All All
Importance: P3 normal
Target Milestone: 6.6
Assignee: Thomas Wolf CLA
Blocks: 581855
Reported: 2023-04-03 15:23 EDT by Thomas Wolf CLA
Modified: 2023-05-17 15:13 EDT

Description Thomas Wolf CLA 2023-04-03 15:23:17 EDT
Currently, there is no Apache MINA sshd 2.10.0 yet. But upstream is planning to do a release anyway, and apparently the Eclipse Releng Aggregator project needs it; see https://github.com/eclipse-platform/eclipse.platform.releng.aggregator/pull/981 and https://github.com/apache/mina-sshd/pull/336 . Upstream is planning to release in time for Eclipse 2023-06 M3.

Gerrit probably also should consider upgrading once it's out; probably the fixes for GH-298, GH-300, and SSHD-1316 would be good to have.[1]

Besides a version number bump (and re-compilation) no changes in JGit are necessary. (But if we do it, I'll see which of the work-arounds introduced for earlier upstream versions can be removed.)

The new artifacts can be consumed directly from maven, if desired. They have proper OSGi metadata. With tycho >= 2.7.5 and the latest CBI TPD, the maven coordinates can be used in the target platform directly. Bundle-SymbolicName and Automatic-Module-Name are the same as in the Orbit repackaging. I don't know if the dash license tool would pass the maven artifacts, though. (And if not: I have no idea what would need to be done upstream to make them pass out of the box, or make them pass a clearly-defined check out of the box.)

[1] https://github.com/apache/mina-sshd/blob/master/CHANGES.md
Comment 1 Hannes Wellmann CLA 2023-04-07 09:27:54 EDT
(In reply to Thomas Wolf from comment #0)
> Currently, there is no Apache MINA sshd 2.10.0 yet. But upstream is planning
> to do a release anyway, and apparently the Eclipse Releng Aggregator project
> needs it; see
> https://github.com/eclipse-platform/eclipse.platform.releng.aggregator/pull/981
> and https://github.com/apache/mina-sshd/pull/336 . Upstream is planning
> to release in time for Eclipse 2023-06 M3.

Great!

> 
> The new artifacts can be consumed directly from maven, if desired. They have
> proper OSGi metadata. With tycho >= 2.7.5 and the latest CBI TPD, the maven
> coordinates can be used in the target platform directly. Bundle-SymbolicName
> and Automatic-Module-Name are the same as in the Orbit repackaging. I don't
> know if the dash license tool would pass the maven artifacts, though. (And
> if not: I have no idea what would need to be done upstream to make them pass
> out of the box, or make them pass a clearly-defined check out of the box.)

Eclipse Platform is already using Mina SSHD from Maven Central directly:
https://github.com/eclipse-platform/eclipse.platform.releng.aggregator/blob/151c78e6092afb04cccec124ee03c8beec14aa7f/eclipse.platform.releng.prereqs.sdk/eclipse-sdk-prereqs.target#L171-L176

And the dash license verification workflow of eclipse.platform.aggregator is fine with that as well:
https://github.com/eclipse-platform/eclipse.platform.releng.aggregator/actions/workflows/licensecheck.yml

So consuming from Maven-Central directly should not be a problem. In general, the plan is to remove repacked artifacts that are already 'OSGi ready' from Orbit:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=579916#c14
Comment 2 Thomas Wolf CLA 2023-04-07 14:14:12 EDT
(In reply to Hannes Wellmann from comment #1)
> (In reply to Thomas Wolf from comment #0)
> > Upstream is planning to release in time for Eclipse 2023-06 M3.
> 
> Great!

Note that I wrote "is planning to". In the end, I won't be doing the release, so I can't make any binding promises.

> Eclipse Platform is already using Mina SSHD from Maven Central directly:
> https://github.com/eclipse-platform/eclipse.platform.releng.aggregator/blob/151c78e6092afb04cccec124ee03c8beec14aa7f/eclipse.platform.releng.prereqs.sdk/eclipse-sdk-prereqs.target#L171-L176

Interesting. No problems due to the missing Automatic-Module-Name in the OSGi manifests of 2.9.2?

> And the dash license verification workflow of eclipse.platform.aggregator is
> fine with that as well:

Interesting. Did the Eclipse rules change? I thought the "License" score had to be 60 or even 70 to pass. sshd.osgi has only 45 at clearlydefined. Anyway, all the better if it passes the dash check right away.
Comment 3 Matthias Sohn CLA 2023-04-13 17:46:20 EDT
(In reply to Thomas Wolf from comment #2)
> (In reply to Hannes Wellmann from comment #1)
> > (In reply to Thomas Wolf from comment #0)
> > > Upstream is planning to release in time for Eclipse 2023-06 M3.
> > 
> > Great!
> 
> Note that I wrote "is planning to". In the end, I won't be doing the
> release, so I can't make any binding promises.
> 
> > Eclipse Platform is already using Mina SSHD from Maven Central directly:
> > https://github.com/eclipse-platform/eclipse.platform.releng.aggregator/blob/151c78e6092afb04cccec124ee03c8beec14aa7f/eclipse.platform.releng.prereqs.sdk/eclipse-sdk-prereqs.target#L171-L176
> 
> Interesting. No problems due to the missing Automatic-Module-Name in the
> OSGi manifests of 2.9.2?
> 
> > And the dash license verification workflow of eclipse.platform.aggregator is
> > fine with that as well:
> 
> Interesting. Did the Eclipse rules change? I thought the "License" score had
> to be 60 or even 70 to pass. sshd.osgi has only 45 at clearlydefined.
> Anyway, all the better if it passes the dash check right away.

If a dependency doesn't pass immediately, we can generate review tickets in GitLab using the dash tool. In my experience most of them are approved automatically; if not, the IP team will review them. Another possibility is to contribute curations to clearlydefined to improve the license score. I did that already a couple of times, mostly successfully.