Build error with gradle (command line)
John Neffenger
john at status6.com
Tue May 11 15:04:16 UTC 2021
On 5/11/21 5:24 AM, Jeanette Winzenburg wrote:
> deleting the caches did work, at last ;)
That's also what I had to do after similar errors. I thought there might
be some bumps in the road when I proposed adding the Gradle dependency
verification, but I hope we can retain enough of it to make the builds
safer than before.
If we notice that the the POM files are changing (without updating their
versions), Kevin's idea of removing the POM entries should help. Even
the Gradle documentation anticipates some problems, saying "It means
that you will be tempted to switch it off." [1]
The more I learn Gradle, the less likely I am to choose it for my own
projects, but it is far ahead of Maven, for example, in protecting
against supply-chain attacks. For Maven, this feature is still just a
couple of old bug reports:
Extend the Project Object Model (POM) with trust information (OpenPGP,
hash values)
https://issues.apache.org/jira/browse/MNG-6026
Switch the default checksum policy from "warn" to "fail"
https://issues.apache.org/jira/browse/MNG-5728
John
[1] https://docs.gradle.org/current/userguide/dependency_verification.html
More information about the openjfx-dev
mailing list