Open
Description
Rationale
- Sonaytype has declared the Open Source Software Repository Housing (OSSRH) as end-of-life on 2025-06-30.
- OSS projects are encouraged to migrate before this date to Sonatype's Central Portal, otherwise one may lose the ability to publish.
- Doing this migration supposedly is difficult (for possibly synchronization reasons) for projects sharing a common name space. Since many OWASP projects share the org.owasp namespace, Jeremy Long had opened a ticket with Sonatype Central Support and requested that temporary dual-publishing for org.owasp and its child namespaces be allowed during the interval.
Important Links
Referenced by Sonatype in Their Notification Email
- Instructions for self migration are located here: https://central.sonatype.org/faq/what-is-different-between-central-portal-and-legacy-ossrh/#self-service-migration
Relevant Links Discovered by ESAPI Team
- https://central.sonatype.org/publish/publish-maven/#deploying-to-ossrh-with-apache-maven
- https://central.sonatype.org/publish/publish-maven/#gpg-signed-components
- https://central.sonatype.org/publish/publish-portal-guide/
- https://central.sonatype.org/publish/publish-portal-maven/
- https://central.sonatype.org/publish/publish-maven/
Other
This will likely affect the following:
- ESAPI's pom.xml
- ESAPI developers' (at least those who can upload to Maven Central repos) $HOME/.m2/settings.xml
- The ESAPI Release Steps (documentation/ESAPI-release-steps.odt, documentation/ESAPI-release-steps.pdf)