pgjdbc/pgjdbc GitHub issues and pull requests (mirror)
help / color / mirror / Atom feedFrom: sehrope (@sehrope) <[email protected]>
To: pgjdbc/pgjdbc <[email protected]>
Subject: Re: [pgjdbc/pgjdbc] PR #4079: docs: spell out the proactive-security window in SECURITY.md
Date: Thu, 21 May 2026 12:17:43 +0000
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
If we split the publication step from the artifact creation then this would be significantly more future proof.
Branches should only concern themselves with generating the target artifacts, i.e. the jar and source jar. The checksums, signatures, and publishing should have happen out of band. The only inputs into the publishing step are jars + version numbers and it publishes it to wherever / however we want.
No worrying about back branch publication going stale or Sonatype changes not being reflected. Just build the jar however we were building it at the time and handle publication of the artifacts separately.
And end-to-end build / test / sign / deliver flow is much more likely to break than just a build one to just produce the jars.
This approach also means that porting patches to back branches would only be the patches themselves. We should never have to touch the (at the time) build system.
view thread (10+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: github://pgjdbc/pgjdbc
Cc: [email protected], [email protected]
Subject: Re: [pgjdbc/pgjdbc] PR #4079: docs: spell out the proactive-security window in SECURITY.md
In-Reply-To: <<[email protected]>>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox