There is a problem with the maven-release-plugin when used with recent versions of Subversion. It stared at version 1.5.1 of Subversion and made the release:prepare command fail because Maven was no longer able to tag the release.

You may have encountered the following error with release:prepare:

svn: File '...' already exists

One reason for this can be SCM-406.

For some time I've worked around this issue by doing my releases on a machine with an older version of Subversion.

A better solution is to use the latest version of the maven-release-plugin (2.0-beta-9 at the moment) and set the remoteTagging property to true:

<build>
  <plugins>
    <plugin>      
      <artifactId>maven-release-plugin</artifactId>
      <version>2.0-beta-9</version>
      <configuration>     
        <remoteTagging>true</remoteTagging>
        <preparationGoals>clean install</preparationGoals>
        <autoVersionSubmodules>true</autoVersionSubmodules>
        <tagBase>...</tagBase>
      </configuration>
    </plugin>     
  </plugins>
</build>

Keep in mind that you should always specify the exact version of the plugins you are using. This not only makes sure you get what you need it also ensures that the build is reproducible in the future and works consistently accross different machines.

Add a comment

Posted by Stefan Reuter on May 30, 2009 3:58:00 PM CEST #

Thomas has a nice example of how Deutsche Lufthansa has leaked personal data through an entertainment site operated by an external agency.

Most companies have strict rules for handling personal data and installed security policies for secure handling of sensitive information. Therefore enterprise data centers are usually quite secure. However the corporate processes that are required to keep the standards high are slow and expensive. This causes some companies to skip them in favor of faster and cheaper alternatives.

One solution is to accept hosting offers by the agencies that build the sites. The problem is that they are seldomly capable of providing a secure environment. It's just not their business. The result is that sites with sensitive data are operated in shared hosting environments by unskilled persons out of control of corporate IT. It's only a matter of time until security issues pop up and companies can be glad if they are informed before any data is stolen.

It just doesn't make sense to harden the front door if you open up a few back doors at the same time. The best security policies are worthless if companies are willing to bypass them for faster and cheaper alternatives. Maybe Thomas' story will help showing the value of corporate IT to those seeking alternatives without looking at the consequences.

Add a comment

Posted by Stefan Reuter on May 26, 2009 1:27:00 PM CEST #

As DECT is mostly broken it was time for some new mobile handsets.

We are already using Asterisk for our communication so the new mobile handsets are required to work well with it. Communication should be secure and ideally the handset would also be a mobile (GSM) phone that could be carried along when leaving the office.

Our choice was the Nokia E63. It supports quad-band GSM, UMTS, SIP and WLAN IEEE 802.11b/g including WEP, 802.1X, WPA and WPA2. Combining GSM and SIP + WLAN works out great. In the office we directly receive landline and VoIP calls to our mobile. When we are away Asterisk detects the missing phone and either routes calls to the mobile number or sends callers to the mailbox.

The solution is affordable, based on open standards, secure and very user friendly.

Add a comment

Posted by Stefan Reuter on May 1, 2009 1:31:32 PM CEST #