You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "John Casey (JIRA)" <ji...@codehaus.org> on 2012/10/19 19:19:36 UTC

[jira] (MNG-5361) dependencyManagement should manage OVERRIDDEN plugin dependencies

John Casey created MNG-5361:
-------------------------------

             Summary: dependencyManagement should manage OVERRIDDEN plugin dependencies
                 Key: MNG-5361
                 URL: https://jira.codehaus.org/browse/MNG-5361
             Project: Maven 2 & 3
          Issue Type: Bug
          Components: Dependencies, Plugins and Lifecycle
    Affects Versions: 3.0.4
            Reporter: John Casey


In some ways this is a rehash of MNG-2496 with a different twist.

We're managing enormous sets of interrelated projects, and producing a coherent product (actually many) from these. We're using a cleanroom environment for builds, which means we're trying to limit the number of versions of any given project in that environment to the ones we're actually trying to ship.

To prevent a situation where a single project version upgrade triggers a massive cascade of rebuilds, we're using dependencyManagement extensively to help us manage the versions of things that go in the product(s).

In unusual cases, projects require a particular plugin-level dependency to enable extra functionality (antrun, for example), or to bring in an artifact handler / archiver (assembly plugin).

These cases represent a leak of our managed dependency set, where version information escapes into individual projects and requires that they be rebuilt each time the dependency version changes...putting us part of the way back into the cascading-updates hell.

It may be unreasonable to allow dependencyManagement to control the NORMAL set of dependencies in the plugin's depgraph...I agree with the conclusion in MNG-2496 100%. HOWEVER, in cases where the project overrides or introduces extra dependencies via <plugin><dependencies/>, we SHOULD allow Maven to manage those dependencies.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira