"Dual" publish #171
Description
As Maven Sonatype Central has various constant problems - like not open sourcing plugins, requiring over 30mins to deploy a <5MB bundle with artifacts - we should look for alternatives.
Don't believe me?
WTFAreThoseSonatypeStatusMetrics.webm
Full list
- At least 2 migrations to new servers (oss -> s01.oss -> central) in the past 5 years
- No notification of last migration to central and a very short time period (3 months from announcement to shutdown)
- Forced usage of a new plugin that is not open source with NO estimated time when it will become open source (according to communication; does this plugin contain a backdoor?) and buggy as hell
- Extremely long unpredictable deploy times (up to 1h) for the most simple artifacts (ZIP <4MB and ~200 files)
- Other ecosystems like Nuget or npm don't suffer from these problems
- Service outages (this got better in the recent time but still happens)
- Incorrectly reported status page metrics (Page shows deployments take 7min, but in reality it took 50)
- Removal of deployment information (once the deployment is done)
- Inability to create MULTIPLE access tokens which can be revoked in case of a security incident
- Differences between snapshot and release deployments (snapshots don't execute some checks like required author while releases do -> Crashes release process unexpectedly)
- No public issuetracker or transparency how these systems are run/maintained
GitHub provides Packages in public repos for free:
Publishing there is also quite easy:
https://docs.github.com/en/actions/how-tos/use-cases-and-examples/publishing-packages/publishing-java-packages-with-maven