Immutability of Published Components⚓︎
Before publishing to Maven Central, please ensure that you have done your due diligence to ensure that everything you are publishing complies with our terms and conditions. In order to provide reliable access to open source components for our users to include in their projects, we do not remove or modify components once they are publicly available.
When a project includes a specific version of a component as a dependency, there is an inherent expectation that a end-users will be able to build that project in a repeatable, reliable manner. A part of that expectation is that Maven Central will be able to provide every dependency exactly as they were originally published. Our requirements of including checksums and GPG signatures enable users to prove that the version of a component downloaded today is the same as the version downloaded yesterday, and that the component was provided by a verifiable person or organization.
Alternatives to Removal or Modification of Components⚓︎
If you have published a component that has a bug, the best path forward is to publish a new release of the component with a fix for the bug. If you are using Semantic Versioning, this would be best as a patch release to communicate to your users that the new version is compatible with the previous version. Once that is published, broadcast the new release to your users via your communication channels.