You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@fineract.apache.org by "Petri Tuomola (Jira)" <ji...@apache.org> on 2020/05/23 18:24:00 UTC
[jira] [Commented] (FINERACT-1002) Remove all usages of '+'
versions in build.gradle
[ https://issues.apache.org/jira/browse/FINERACT-1002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17114914#comment-17114914 ]
Petri Tuomola commented on FINERACT-1002:
-----------------------------------------
The way I've always understood the Spring dependency management plugin to work is:
* No version specified: use the version in Spring BOM
* Specific version specified: use the specified version (override Spring BOM)
* "+": use the latest version available in the repository (override Spring BOM)
So in my view a sensible policy would be therefore to leave the version out for anything listed in Spring BOM. With one exception: if Spring BOM specifies an old version and we want to explicitly use a newer one, in which case we should of course explicitly specify the version we want to use.
Let me check if I can find an authoritative document to confirm my understanding...
> Remove all usages of '+' versions in build.gradle
> -------------------------------------------------
>
> Key: FINERACT-1002
> URL: https://issues.apache.org/jira/browse/FINERACT-1002
> Project: Apache Fineract
> Issue Type: Bug
> Reporter: Michael Vorburger
> Priority: Blocker
>
> While code reviewing [~natashan]'s https://github.com/apache/fineract/pull/927 I thought again about the exchange we had with [~xurror] during FINERACT-805 re. our use of "+" versions in our build.gradle - and decided that this seems like something we really should have a dedicated new issue for...
> Unless I misunderstand something (which is possible), our current use of '+' could actually be source of future build instability (if they indeed cause the "latest available version" to be used, instead of a fixed one). Therefore to me this seems to be more of a Blocker than just some nice to have...
> What I'm not super clear about is what exactly that '+' means. Is it the latest version from the fixed version of the Spring BOM? Then it would actually be fixed, right? Or is it the latest (major/minor?) version available on Maven Central? Then it would be (very) unstable.. It would be good for someone to be able to find an authoritative link to some doc about this.
> Would it make sense to replace all our usages of '+' versions in build.gradle with fixed versions? Or is this not required? -- And if we do, let's clarify that inline comment I put on top of the file to be more clear and directive (replace "we should also avoid" by "do not use").
> [~awasum] [~ptuomola] [~Percy Ashu] any input to this? Interest in taking this?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)