
Sonatype Blog

Stay updated on the latest news from the makers of Nexus

So How Open is your Open Source Company Anyway?

Luke Kanies, the creator of Puppet, commented in his last entry about Open Source business models, specifically the idea of an Open Core and what that means. As an Open Source company do you have an open version of your product that's crippled? Or do you have an open version of your product that is truly useful? This was the crux of the questions I asked all the Sonatype CEO candidates, and this turned out to be the reason it took me almost 8 months interviewing 17 candidates to ferret out the right person. It was a grueling process finding Mark de Visser but I was adamant and our VCs, Hummer Winblad & Morgenthaler, were very patient and let me take my time to find the exact right match. I got pretty ornery at one point - I thought I would never find the right person in Silly Valley.

Nexus Crowd Plugin Introduction

Last week, I released an open-source plugin for Sonatype Nexus which integrates Atlassian's Crowd identity management server. You can read the installation instructions on docs.sonatype.org, but in this blog post I wanted to write a bit about Crowd itself and my objectives for the plugin. Read on to learn about Atlassian's Crowd and how you can use it with Nexus.

Interview with Brian Fox: Part 2 of 3: Saving Central

In this short, two-minute excerpt from my interview with Brian Fox, he describes the steps Sonatype took to mitigate the load and bandwidth problems which were affecting the Central Maven Repository late last year. While short, this audio contains some very useful information for anyone facing similar traffic problems. You'll hear him talk about the switch from Apache httpd to nginx.

Why Putting Repositories in your POMs is a Bad Idea

I get this question frequently so it is time to write down my thoughts on the answer so I can stop repeating myself. Here's the question:

Should I put the urls to my repositories in my poms or in my settings?

The short answer is: settings.

The long answer is: it depends.

There are two scenarios to consider here: Enterprise software (generally not published externally) and public software. Let's take Enterprise software first. Continue reading this post for a full explanation of both scenarios.

Interview with Brian Fox: Part 1 of 3: Nexus 1.3 Features

I sat down with Brian Fox last week in advance of the Nexus 1.3 release for a long interview about Nexus, Nexus Pro, features in the 1.3 release and some of the future directions for Maven. In this part of the interview Brian discusses some of the changes introduced in the Nexus 1.3 release and some of the work to lay the foundation for the 1.4 release.

Interview with Rich Seddon on m2eclipse Testing

In a previous post entitled m2e Roadmap, Jason discussed Sonatype's commitment to quality and testing for m2eclipse. As a follow-up, I did a quick interview with Rich Seddon and asked him some questions about Sonatype's approach to testing for Eclipse plugins. The interview is approximately five minutes long and in this interview, you'll hear Rich give some detailed descriptions of the tools he uses to test the m2eclipse plugin.


Galoppini Covers Sonatype's Open Documentation

Roberto Galoppini just published a brief interview with Mark de Visser this morning which covers Sonatype's open documentation efforts. As someone who has been involved with Sonatype's open book efforts along with Jason, Brian, John, Jason, Bruce, and our other contributing authors it is interesting to see the traffic and interest that is generated by something as simple as free documentation. I've long been a big believer that books about open source software should be as free as the software itself, and I'm also convinced that solid documentation is a necessary foundation for a vibrant open-source community. Without a good "free" book, it is nearly impossible for an open source project to grow a community.

Maven 2.0.10 Released

After several months and countless release candidates, the 2.0.10 release is finally official.

Spin-off: Eclipse Chapter becomes a Book

As a part of our continued work to produce solid documentation for Maven, we've decided to spin off the m2eclipse chapter from Maven: The Definitive Guide in a new book: Developing with Eclipse and Maven. As we prepare to expand all three of our current books, we decided that smaller, more focused titles are going to be a better platform for future documentation efforts. The great thing about an online book is that it is flexible enough to evolve over time. It is my opinion that, even though books are moving toward a digital-only experience, books that grow larger than a few hundred pages don't scale well. For starters, they are difficult to print and navigate, but I also think that a 100 chapter behemoth of a book lacks focus. Even as PDFs, I like my books to be between 100-300 pages.

Nexus rules!

Yesterday I had a chance to release Mercury through the newly configured Nexus at https://repository.apache.org

The Hudson Build Farm Experience, Volume IV

In Progress: The Learning Curve We’re Still Climbing

Now that we’ve covered the high points of our Hudson build farm setup here at Sonatype, I want to discuss some of the current issues we’re facing at the moment. It’s important to realize that providing high-quality continuous integration is a long, involved process…not a quick, one-off event. Sure, you can get Hudson up and running fairly rapidly in a non-distributed environment. However, the path to distributed, multi-OS builds that capture a full range of testing can be very, very complex. In the end, if you can get by simply compensating for the problems I talked about in this series of posts, then you’re probably pretty lucky. Here at Sonatype, we’re certainly very conscious of the fact that our continuous integration setup could run more perfectly, and we continue to chip away at the list of things we’d like Hudson to verify automatically on our behalf. So, in the interests of full disclosure, I’m including a short wish list of items we’re currently working on.

The Hudson Build Farm Experience, Volume III

I’ve been working on a Hudson-based build farm for Sonatype and Maven open source builds since sometime in September of 2008. I’ve learned a lot as a result, so I thought I’d share some experiences from the trenches. In this third - and probably, final - installment I’ll discuss some issues we tackled with our VMWare environment itself, and look ahead to some issues with which we still grapple on a day-to-day basis.

VMWare, Efficiency, and the Space-Time Continuum

Compared to what we went through trying to get Windows builds running reliably out on the build farm, this discussion is going to seem somewhat…nitpicky. However, there are some important things to understand when you’re running a build farm on VMWare ESXi, so let’s dive in and take a look.

Sonatype's Hudson Plans for Maven Integration

I want to share with you what Sonatype is planning to do with Hudson - I hope you will be interested. We are planning a lot of work on the OSS side and will contribute that all back (provided the license of Hudson does not change to the CDDL). We are also planning to work on a commercially supported version of Hudson and we will create some additional commercial plugins. I think people here will be most interested in the OSS work so I'll start there.

It all starts with the work we've done with Tom Huybrechts over the last few months to embed Plexus inside Hudson. This has several implications, especially for those who are interested in Maven integration. Tom made the PluginManager itself pluggable and the Plexus version of the PluginManager that was created finds Plexus components in its standard way. As a result plugins now work the same way in Hudson, Maven and Nexus.

New Feature: Maven Settings Password Encryption

The problem of eliminating clear text passwords from all media has a long history of failure and success. In the first years of the HTTP protocol, designers, despite the existence of asymmetric encryption, decided not to use anything. Later, having been burned by cleartext passwords, they added base64 encoding. Which, as one may guess, did not fool anyone in the business of retrieving those passwords.

Luckily, Netscape introduced the SSL tunnel for HTTP, which was widely and enthusiastically accepted. This eliminated some of the threats, but had nothing to do with protecting the password storage. Most systems that interact with an authenticated service over HTTP still have to figure out a way to store these credentials. The alternative is for the service in question to use something like OAUTH or a distributed ticketing system (a la Facebook or Twitter). But, for most systems that need to interact with an authenticated service over HTTP this is a serious problem. If you need to deploy to an authenticated repository manager like Nexus, how do you avoid putting your password into your build?

The Hudson Build Farm Experience, Volume II

I’ve been working on a Hudson-based build farm for Sonatype and Maven open source builds since sometime in September of 2008. I’ve learned a lot as a result, so I thought I’d share some experiences from the trenches. In this second installment I’ll discuss a few more details related to remote maintenance, along with the hurdles we encountered integrating Windows into our Hudson farm (and the solutions we found).

Eyes and Ears: Getting Access

Having access to the build farm is critical for maintenance, but it can also be very important to developers who are debugging a failing build. In our build farm, we’re using various mechanisms to provide this access, largely based on what is best suited for a particular VM operating system. The basic requirement here is to provide “natural” browsing capabilities for the filesystem on each VM, along with the ability to upload files if necessary (this came in very handy for installing and testing FlashPlayer, for instance).

We're Taking Requests

Are you having problems with a particularly crazy Maven build? Is there a part of Maven that you just don't have a handle on, even after reading and rereading The Definitive Guide or the Apache Maven site? We're here to support the community, and Sonatype is serious about helping to invest in the foundational, open-source documentation that will help the community around Maven grow and evolve. I'm biased because I focus on documentation, but I've always thought that good documentation makes the difference between open source projects that evolve over time and open source projects that fade into obscurity. The docs are the interface to the community, and as widespread as Maven is, there are still people adopting the tool and learning from step 1. If you have any requests for documentation, we'd encourage you to let us know.