Use correct svmhelper artifact + newer version

libgdx / gdx-liftoff

A modern setup tool for libGDX Gradle projects

Apache License 2.0

529 stars 50 forks source link

Use correct svmhelper artifact + newer version #144

Closed Berstanio closed 10 months ago

Berstanio commented 10 months ago

mavenCentral artifacts are preferable over jitpack in my opinion, because jitpack is inherently unsafe/their tags can be manipulated easily from my understanding. Last time I forgot to release the staging release on sonatype, this time I didn't, so it should work!

tommyettinger commented 10 months ago

Maven Central artifacts are preferable, and yes you forgot the staging release last time, but I disagree with everything else you said. :3 You are probably thinking of BinTray/JCenter, which was very unsafe. If you can "easily" manipulate JitPack tags, please release SquidSquad 4.0.0-a999 under its correct JitPack coordinates ( https://jitpack.io/#yellowstonegames/SquidSquad/v4.0.0-alpha1 has the coordinates for alpha 1), without me knowing. I'll merge this, but I do want to know why you think JitPack is "inherently unsafe."

Berstanio commented 10 months ago

I do want to know why you think JitPack is "inherently unsafe."

What I meant was, that the jitpack builds are not immutable. This means, you can just change a tag, delete the existing artifacts and build a new one for an already released version. I just found out that artifacts get immutable after 7 days which I didn't knew, which makes it way better than I thought. However, in my opinion artifacts should be immediately immutable.

tommyettinger commented 10 months ago

I believe logging into JitPack lets you click the Freeze icon (a snowflake) next to any build to make it immutable.