Read on Twitter
If you’re freaking out because of the Bintray / jcenter announcement and need to get your Java components into Maven Central, don’t worry, we’ve got you. Here are a few things to know:
Lots of less visible improvements have been put in place since you probably deployed to http://oss.sonatype.org years ago. The validation and onboarding process has been automated, making the approval of your coordinates happen much faster and in many cases, automatically.
Yes, we do still validate coordinates. This has always been the case for what 16 years or so and that isn't going to change.
Validation of coordinates is the way that we ensure people can't (as easily) pretend to be a project they are not. I recently wrote about that here: https://blog.sonatype.com/malware-removed-from-maven-central
To drop those requirements is to embrace the type of easy brandjacking that happens in other repos. [1] https://blog.sonatype.com/bladabindi-njrat-rat-in-jdb.js-npm-malware [2] https://blog.sonatype.com/rubygems-laced-with-bitcoin-stealing-malware [3] https://blog.sonatype.com/cursedgrabber-strikes-again-sonatype-spots-new-malware-campaign-against-software-supply-chains and on and on....
To address the overwhelming demand we've seen recently, even preceding the Bintray announcement, we have stood up new infrastructure and were in the process of preparing to announce it more broadly. Some large projects have already moved over to it quite successfully.
If you are currently, or have recently had issues pushing your builds...lets get you over to the new infra. If you have a very large project that might justify dedicated infra, we want to talk to you as well. Create a ticket and ask us to migrate you. https://issues.sonatype.org/projects/OSSRH
Starting next week, net-new signups will automatically be added to the new infrastructure. This combined with moving of larger, higher volume projects will create a better experience for existing users who don't move. Everyone wins.
If you were previously deploying to Bintray and still promoting to Central, you have already been configured in our system so you should have what you need to begin deploying directly. If you're not sure though, create a ticket and we'll help you out.
If you were previously deploying to Bintray and -not- promoting to Central, then we will have to get you setup and figuring out how to handle your coordinates is going to be a conversation. For those long standing requirements, you can see here: https://central.sonatype.org/pages/choosing-your-coordinates.html
And with all of this, we are here to help, if you're confused or struggling, just ask. If you think the coordinate requirements won't work for your project, lets discuss and try to figure it out. Tweet me if you want, or @sonatype_ossrh or create a ticket at the above Jira.
One last thing, if you are deploying to Central and want to see security analysis of your project dependencies, we've been working on that too. Hit me up and I'll share what we have with you preview style. We were just about to launch an Alpha program, so YOLO, here it is.
