Clojurians Log v2
clojars
Anyone know why postgresql 9.4 isn't available on Clojars? https://clojars.org/search?q=postgresql
@oskarth: Because it's available in Maven Central: http://search.maven.org/#artifactdetails%7Corg.postgresql%7Cpostgresql%7C9.4.1207.jre7%7Cbundle
Hmm, postgresql driver being available at all on clojars is a bit suspicious. Especially the on with postgresql/postgresql coordinates which is same as old Maven Central coordinates.
@juhoteperi: ah, makes sense. The discrepancy is what got me
yeah, it is a bit weird, https://github.com/clojars/clojars-web/issues/468 should help fix this
although I’m not sure what we do about existing projects
that's something we'd need to discuss - should we purge existing projects that shadow stuff on central? we should determine how many shadowing projects we have
or do we remove it only if the artifacts aren't identical?
or the other way around, purge identical ones, and keep non identical ones?
for example, dynapath is on both clojars https://clojars.org/org.tcrawley/dynapath and central https://search.maven.org/#artifactdetails%7Corg.tcrawley%7Cdynapath%7C0.2.3%7Cjar
well, if they are non-identical, we really don't want them there at all, since that would mean foo/bar 1.0 from clojars is different from foo/bar 1.0 from central, and central should probably be canon
I guess, though it would be changing things people depend on
It would be nice to just purge them all
I think if they are using foo/bar 1.0 from clojars when it exists on central, we have no way to know if the one on clojars is malicious
and getting one over the other would depend on how the tooling ordered the lookup, possibly based on the order of the repos
but I agree, if we purge, we should purge all
Boot does ordered lookup, but I think it looks up clojars before central 😕
Or at least Boot keeps the defined order and passes that to aether
(filter-in-clojars (take 1000 lines))
=> ("asm" "bouncycastle" "ch.cmbntr")
those three groups are in maven central
Hmm, is that supposed to be complete list?
Postgresql group is also on both: http://search.maven.org/#artifactdetails%7Cpostgresql%7Cpostgresql%7C9.1-901-1.jdbc4%7Cjar and https://clojars.org/postgresql
"asm"
"bouncycastle"
"ch.cmbntr"
"clover"
"co.paralleluniverse"
"coconut"
"colt"
"com.aerospike"
"com.alexeinunez"
"com.amazonaws"
"com.ardoq"
"com.backtype"
"com.basho.riak"
"com.boundary"
"com.cemerick"
"com.clearspring.analytics"
"com.comoyo"
"com.datastax.cassandra"
"com.datomic"
"com.eaio.uuid"
"com.facebook"
"com.factual"
"com.fasterxml.jackson.core"
"com.flipkart"
"com.flipkart.zjsonpatch"
"com.github.docker-java"
"com.github.frankiesardo"
"com.github.kevinsawicki"
"com.github.pmerienne"
"com.github.ptgoetz"
"com.github.vivekkothari"
"com.google"
"com.google.appengine"
"com.google.code"
"com.google.code.typica"
"com.googlecode.efficient-java-matrix-library"
"com.guokr"
"com.healthmarketscience"
"com.helpshift"
"com.huaban"
"com.intentmedia"
"com.jcraft"
"com.jgoodies"
"com.joestelmach"
"com.lyncode"
"com.mysql"
"com.nocandysw"
"com.ocpsoft"
"com.offbytwo"
"com.offbytwo.iclojure"
"com.pokitdok"
"com.rabbitmq"
"com.rometools"
"com.semperos"
"com.sna-projects.krati"
"com.soundcloud"
"com.sun.grizzly"
"com.sun.jini"
"com.twitter"
"com.vividsolutions"
"commons-pool"
"concurrent"
"de.otto"
"de.paymill"
"dk.brics.automaton"
"easyconf"
"edu.berkeley.nlp"
"edu.mit"
"edu.stanford.nlp")
that’s the complete list of duplicate groups
(not necessarily duplicate artifacts though, I didn’t check for that)
actually, there’s a few more to check
nope, that’s the list
how are you generating that list? because org.tcrawley should definitely be in it