sonatype / nexus-public

Sonatype Nexus Repository Open-source codebase mirror
https://www.sonatype.com/products/repository-oss-download
Eclipse Public License 1.0

Meta: State of Nexus Open Source #316

Open theCapypara opened 5 months ago

theCapypara commented 5 months ago

Hello! I'm sorry for opening this sort of "meta issue" but I couldn't really find any appropriate channel for this*.

What is the state of the Nexus open source project? There are a few PRs open which have been unanswered for years and some community plugins such as the Composer plugin are seemingly abandoned.

Is there any way/process in place to help out? We would potentially consider helping out maintenance of the Composer plugin for example.

*: I asked on the Gitter channels, but then I noticed there didn't seem to be any official Sonatype employees / Nexus maintainers on there anymore. I can't check the sonatypeDev Twitter account, since I don't have Twitter and you can't view tweets anymore without an account. What would be the best place to discuss this? I'm guessing a GitHub issue probably isn't it.

nblair commented 5 months ago

Hello @theCapybara, thanks for opening this issue, you did find the right place. We appreciate you taking the time to engage with us and this is an important discussion.

> What is the state of the Nexus open source project?

There are a few overlapping terms in your question that I think require a little bit of clarification before we dive further.

Sonatype Nexus Repository is the world’s most widely used solution to manage components, binaries and build artifacts across your entire software supply chain. Sonatype distributes two editions of this product:

Sonatype Nexus Repository OSS: This offering is free to use and includes a combination of open sourced capabilities (the core repository manager, file system and S3 integration, support for maven, raw, and APT formats) and closed source capabilities (Docker, npm, RubyGems, PyPI, and others) licensed under Sonatype’s End User license agreement (in your Nexus Repository deployment, look for the question mark icon in the top right, under About, and the License tab).

Sonatype Nexus Repository Pro: This offering requires a paid subscription and is best of breed for Software Development enterprises, unlocking additional scalability, integration and more.

Now, turning back to the GitHub project 'nexus-public': Per the “About” on the main page for this repository, this project is an “Open-source codebase mirror”. It contains only the source code for the open sourced capabilities of Repository OSS, and is licensed under the EPL-1.0. A common misconception is that this repository contains all of the source code for Sonatype Nexus Repository OSS; it does not. Sonatype does not build from this source repository, nor do we distribute the deliverable it can produce.

> There are a few PRs open which have been unanswered for years and some community plugins such as the Composer plugin are seemingly abandoned.

Regrettably, since nexus-public is effectively a read-only export of the source, merging Pull Requests from the community is not as straightforward as the capabilities GitHub has to offer. GitHub does not offer the ability to disable the Pull Request capability on public repositories.

The Composer plugin you mention and many others are part of a separate Organization in GitHub, https://github.com/sonatype-nexus-community, which are “Community projects meant for the Sonatype Nexus Platform. Affiliated with Sonatype, but inclusive of work our community has done!”

While there are a select minority of projects within the sonatype-nexus-community that Sonatype actively maintains, the majority are maintained (or not) by Community authors and contributors. Each README for projects in the sonatype-nexus-community organization includes the following “fine print” in its footer:

The Fine Print

It is worth noting that this is NOT SUPPORTED by Sonatype, and is a contribution of ours to the open source community (read: you!)

Remember:

- Use this contribution at the risk tolerance that you have
- Do NOT file Sonatype support tickets related to Composer support in regard to this plugin
- DO file issues here on GitHub, so that the community can pitch in

Phew, that was easier than I thought. Last but not least of all:

Have fun creating and using this plugin and the Nexus platform, we are glad to have you here!

We do regularly evaluate projects for inclusion - there are two in the community we are actively evaluating now - with these evaluations serving as meaningful input to our roadmap planning. Readying the community projects for the realities of scale with enterprise customers, wiring in support for many other cross-cutting pro capabilities (High Availability, Replication, et al), and setting up the infrastructure to ensure ongoing support takes significant time and investment.

> Is there any way/process in place to help out? We would potentially consider helping out maintenance of the Composer plugin for example.

If you are interested in the Composer plugin, I can work with you directly to provide additional access to maintain the plugin. Reach out to me via email at nexus-feedback@sonatype.com if you’d like to explore this further.

Thank you for starting the conversation with us here - I welcome your further feedback and questions!

cstamas commented 5 months ago

So, the short summary could be like "Nexus Repository OSS" is not OSS, but "free" (as in beer)?