Maven Repositories: How Not to Treat End-users


So some Nexus user reports a problem with a Maven repository for iText. My first suspicion is that the repository is just being hosted by some web server. Maybe it has some issue with a metadata file. Who knows. But, I expect everything these days, people still hold on to the idea that a “Maven Repository” is just a bunch of files barfed on to the filesystem of a web server (it isn’t, there’s a bit more).

So I check out the root of the repository and see this welcoming bit of text:

“We now have our own Maven repository (available as long as we can pay for the extra traffic; note that this service will be taken offline if there are not enough users that are willing to become customers).”

That’s a threat. That’s a passive agressive threat. I call this the “Open Source Now, but You Just Wait Until We Fail” approach to business. This reads like some difficult Ant guy was forced to publish a Maven repository against his recommendation. “This service will be taken offline if there are not enough users that are willing to become customers”. Please, how annoying is this? How much is that bandwidth bill? I’ll bet they pay all of $2/month for the bandwidth to serve iText JAR files. I mean I’d understand this if there was no free option available to these people to publish these artifacts, but, clearly, these people are operating in an isolated bubble.

So, instead of threatening users, this is what this project should do:

  • Use an Open Source Repository Manager – Either Archiva , Artifactory, or Nexus. (Clearly, I’m recommending Nexus, but know that there are alternatives.) I only recommend this because it sounds like the person who set this up is somewhat exhausted from all the effort. It’s easy to set up one of these servers, but if you don’t like managing infrastructure…
  • Take advantage of a free Sonatype OSS repository (if you are an open source project) – No charge for this, all you have to do is ask, and since you seem like you are adverse to paying for the massive bandwidth bill, you don’t even have to pay for the bandwidth. Also once you’ve moved on to the OSS Sonatype repository, you can publish releases to Maven Central. Did I mention that this option is 100% free? (If you don’t like free, are not running an open source project, or want your own instance pay for a hosted Artifactory instance.)
  • Publish Your Artifacts to Central This one isn’t optional, and it isn’t about you working to help your end-users. This is more about you not being a difficult project to consume. Think of this less as a favor for your ungrateful, blood-sucking users and more as something that is just expected. Honest, at this point, if you don’t publish your artifacts to Central, people are cursing you every single day.

What users really don’t want is a company that threatens to make it more difficult to use a library for want of customers. Admittedly, this is a message of weakness that could be translated to: “We’re lucky to be able to pay for the electric bill these days, we’ve spent our last nickel on this Maven repository, please become a customer and save us.”

Celebrate your charity, “Look we care about our users and customers, here’s a standard repository manager.” Better yet, announce that you have integrated your release process to publish artifacts to Maven Central.