Hi Jörg,
On 27 Jun 2014, at 2:11, Jörg Schaible wrote:
When maven is checking for a repository for an artefact, and using a
mirror - if that artefact can't be found, maven should retry using
the
original repository directly with builds warnings.
Very bad idea. Especially if the original repo is not/no longer
reachable
and you have to wait for a timeout. And you can no longer control with
an
Archive Manager what actually is used from where.
True - as mentioned in one of my other replies, this was the part of the
idea I wasn't 100% sold on myself, and the reason you state here is also
the #1 reason I loathe <repository> being mentioned inside a pom.xml as
well.
essentially an
implicit mirroring your dependencies.
And suddenly we have all kind of stuff in public repos that are not
allowed
to be distributed.
True - a further thought on this was that a) `optional` or `provided`
dependencies shouldn't be published, but further - we _could_ add an
`exclusions` list inside `dependencyManagement` to exclude those that
shouldn't be published.
Part of my thinking here is that if you're artefact depends on things
that can't be published, why are you pushing that artefact to a public
repository in the first place?
IMHO, the best option *is* actually to remove the <repository>
elements.
Agreed - but for other reasons.
