You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by Ruel Loehr <ru...@jboss.com> on 2006/03/16 00:47:37 UTC
updating of dependency pom's
Once a pom for a dependency has been copied to the local repo, it is
never updated.
For those of you who maintain a company internal repo, do you ever have
the situation where a dependency pom in your internal repo differs from
the corresponding pom in the public repo? (e.g. you want to record
additional info such as license information, or the public pom is not
correctly defined).
The problem I see is that it is difficult to ensure that a user is using
the correct pom.
For example, if a user downloads maven, builds something with it, his
local repo gets populated.
Then, if the user tries to build my app, and I have defined a thirdparty
pom in my own internal repo that differs from the public one, the
original public version will be used (even if my app includes a maven
distro and a settings.xml specifying my own repo).
Any ideas on how to work around this? I feel like I need control over
the repo, but cannot ensure that the user hits my repo first.
Appropriate jira issue is here:
http://jira.codehaus.org/browse/MNG-1954
Ruel Loehr
JBoss QA
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: updating of dependency pom's
Posted by Brett Porter <br...@gmail.com>.
As you've pointed out, updating POMs is a bad idea for
reproducibility. We'd like to make it possible to track the revisions
in a pom to allow "fixing them" while retaining compatibility, but at
this point it is assumed that they don't change once deployed.
My suggestion, if you need to customise something, is to deploy the
POM and the original or modified artifact under your own group ID in
the repository. So maybe something like:
org.jboss.ports.commons-foo : commons-foo : 1.0
This would be much clearer and more reliable, I believe. Is this
something that is a common occurrence?
- Brett
On 3/16/06, Ruel Loehr <ru...@jboss.com> wrote:
> Once a pom for a dependency has been copied to the local repo, it is
> never updated.
>
> For those of you who maintain a company internal repo, do you ever have
> the situation where a dependency pom in your internal repo differs from
> the corresponding pom in the public repo? (e.g. you want to record
> additional info such as license information, or the public pom is not
> correctly defined).
>
> The problem I see is that it is difficult to ensure that a user is using
> the correct pom.
>
> For example, if a user downloads maven, builds something with it, his
> local repo gets populated.
>
> Then, if the user tries to build my app, and I have defined a thirdparty
> pom in my own internal repo that differs from the public one, the
> original public version will be used (even if my app includes a maven
> distro and a settings.xml specifying my own repo).
>
> Any ideas on how to work around this? I feel like I need control over
> the repo, but cannot ensure that the user hits my repo first.
>
> Appropriate jira issue is here:
> http://jira.codehaus.org/browse/MNG-1954
>
> Ruel Loehr
> JBoss QA
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org