Author Archives: Tim O'Brien

Download it All at Once: A Maven Idea


August 28, 2012 By Tim O'Brien

Consider, for a moment, your big corporate project that you work with every day. I know. It’s huge. I see several of these projects on a constant basis. Maybe you have one big project with multi-modules. Maybe you have a more mature approach that splits up a very large project into several multi-module projects. Whatever it is, there’s a chance that you also work in the kind of environment that has a huge build with hundreds of dependencies that spans tens of thousands of lines of code. Your build spends most of the day juggling dependencies, both internal and external

…and, the build takes forever the first time you run it. Correction, the build takes forever every time you run it because it is just that big, and because you have the sort of environment that demands you always check for snapshot updates. Welcome to the reality of using Maven on a very large-scale project.


Nexus 2.1.2 Update Available Now: Minor Features and Fixes for both OSS and Pro


August 21, 2012 By Tim O'Brien

We’ve cut another Nexus release: version 2.1.2 of both OSS and Pro contains several minor bug fixes.

  • To download the newest version of Nexus Professional 2.1.2, click here.
  • To download the newest version of Nexus Open Source 2.1.2, click here.

Here is a list of fixes in version 2.1.2 for Nexus Open Source: look at the JIRA release notes for the 2.1.2 release. For Nexus Professional, we fixed a number of minor errors:

  • Nexus Professional has been upgraded to work with the latest version of the NuGet Package Explorer.
  • POST and GET operations in the new Maven Nexus Staging plugin have been updated to account for custom proxy configuration.
  • A number of stability fixes have been made to NuGet support in Nexus Professional.

Happy proxying.

(Often,) You People are Too Smart to Train


August 15, 2012 By Tim O'Brien

Too smart to train?

I don’t often teach our training classes in Maven or Nexus, but when I do, I always tend to get interesting classes. I’m halfway through an on-site training class today that, so far, has stood out as a unique experience for me as a trainer. Usually you set up your slides, hand out the materials, and start running through the content. It often takes a class and an instructor an hour to find a good cadence for teaching and answering questions. One metric I keep track of is the amount of time spent delivering content from slides vs. the amount of time spent answering questions. I strive for 75/25 – 3/4 of the class is focusing on content, 1/4 of the class is focused on answering student questions.

The first thing I do in my classes is implore (literally plead with) the students to interrupt me. “Ask questions. If you don’t, this class won’t be valuable to you.” I do this because all too often I have a class of students that seems reticent to ask questions or interrupt. Who knows why, maybe they don’t want to ask a dumb question (those don’t exist), maybe they are taking the class with a manager and they don’t want to look bad? Whatever the case, silence is the worst thing an instructor can get in response to the question: “Are there any questions?….. no?….. anyone? Ok. Anyone want to make a statement?…. no? alright, let’s move on…”


Dogfooding Sonatype Insight: We found Vulnerabilities in Nexus


August 13, 2012 By Tim O'Brien

“Dogfooding” is such a strange word, and I’m using it as a substitute for “Eating your own dog food”. As we do have a global audience, I worry that the term is somewhat provincial (and maybe a bit strange out of context). So, here’s the explanation of this idiom on Wikipedia.

Sonatype is “recursive”. We’re a group of developers, creating tools for developers, getting feedback from developers. Logically, we tend to use everything we make. We’re the first customer. We deploy early development releases of Nexus Professional to our own Nexus Professional instance, we use repository.sonatype.org as a test case as the release approaches, and every feature we send out to our customers has been audited and tested internally. By the time you download our software, we’ve already been using it often for a few months or weeks, and we also make heavy use of Sonatype Insight to identify licensing and security risks.

Now, this blog post is a bit risky. I’m about to tell you about the security issues that the Engineering team discovered in Nexus when we ran Nexus through our Insight scanner during the Nexus 2.1 release. By doing this, I’m exposing people that haven’t updated Nexus to 2.1 to some risk. At the same time, I’ve given everyone ample notice to upgrade (I even made a video imploring people to upgrade), and I’m a big believer in transparency. If we know something related to security, you should know it as well after we’ve given people enough time to upgrade.


Best Strategy for Migrating from Apache Ant to Apache Maven


August 9, 2012 By Tim O'Brien

Whenever I teach a Maven training class someone invariably asks me to give some advice for migrating a large, complex Ant project to Maven. Toward the end of the class, I’ll take questions:

Participant: “Could you give us some guidance for migrating Ant projects to Maven? Is there a process that you recommend to make it easier?”

My (honest) answer: “If it’s a complex project, it won’t be an easy battle. Before you go down this road you need to understand what you are signing up for. It can be very complex, you may end up interrupting an active development cycle, and once you evaluate all of your options you might find it easier to first migrate to a repository manager. Maven’s not the big win, moving a repository is.”

In other words, I often find myself trying to discourage swapping build tools just for the sake of swapping build tools. While I do believe that Maven is preferable to Ant, I think that the build space often suffers from a belief that the grass really is greener on the other side. It might be, but is it greener enough to justify the work stoppage that is involved in taking a big important project and moving it to a different build technology? Often the answer is no. If it isn’t related to making money, switching a build system is often the last thing an enterprise wants to do.

In this post I’m going to talk about how the process of migrating build tools starts with a repository manager.
