Howdy, just a short pointer to published BOMs:
https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/4.0.0-rc-2/

Here you can inspect the generated "fat" and "skinny" BOMs that the Maven4 build produces.

T

On Sat, Jan 25, 2025 at 2:10 AM Tamás Cservenák <ta...@cservenak.net> wrote:
>
> Howdy,
>
> The story of BOM POMs is manifold.
> BOM POMs are a "very good thing" to publish for _downstream consumers_
> that consume your stack.
> Problems begin when devs try to "reuse" the BOM within their own build
> (same reactor BOM is published from).
>
> If consuming BOM, it should ideally come from outside (external to)
> your reactor.
> If you use "import" scope within the reactor, that is where problems
> begin (they do not have to, IF you are VERY careful).
> Moreover, you usually want to "detach" the BOM from your parent POM,
> which introduces even more peculiarities and problems
> (i.e. how to deploy it? So you now introduce some "skinny" parent, etc.)
>
> Hence, the general rule of thumb is:
> - BOM is good per se
> - BOMs you consume should _always_ originate from outside of the
> reactor (simply to avoid all the problems).
> - BOMs you produce should target downstream consumers ONLY
>
> Moreover, Maven 4 has a capability now (not in Maven3!) to _import BOM
> with classifier_.
>
> Hence, with Maven4 (obviously, this makes the build Maven4-only), the
> preferred way to do things is:
> - sort out dependencies in reactor "as usual", using INHERITANCE
> - do NOT re-import BOM within reactor
> - BOM you author/publish should be used ONLY by downstream projects
> - generate your BOM
>
> As an example, you can look at Maven build itself:
> - it generates BOM
> - offers two BOMs: skinny and fat
>
> And here comes the second important bit: there is a disagreement (or
> different interpretation) about "what BOM is".
> Hence, Maven itself delivers TWO BOMs: skinny and fat. See [1] for
> an explanation of what "skinny" and "fat" BOMs are.
>
> [1] https://github.com/apache/maven-site/pull/598#discussion_r1894013277
>
> HTH
> T
>
> On Sat, Jan 25, 2025 at 1:50 AM Olivier Lamy <ol...@apache.org> wrote:
> >
> > Hi,
> > Nice presentation.
> > I have been asking on Slack but no answer, so I still don't understand why this
> > " Warning: Same-reactor BOMs will be deprecated (use external BOMs only!` ?"
> >
> > It's very convenient for large projects providing BOMs to have
> > demos/examples as part of their build.
> > And obviously, those demos/examples use the BOMs to show good usage
> > (in my case, the Jetty project).
> > So why is it such a problem?
> >
> > On Thu, 23 Jan 2025 at 01:25, Tamás Cservenák <ta...@cservenak.net> wrote:
> > >
> > > Howdy,
> > >
> > > Lately, we get this question quite often.
> > >
> > > Today Guillaume assembled this very informative presentation:
> > > https://gnodet.github.io/maven4-presentation/
> > >
> > > There is also ongoing effort to assemble a page on Maven site as well:
> > > https://github.com/apache/maven-site/pull/598
> > >
> > > Have fun
> > > T
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> > > For additional commands, e-mail: dev-h...@maven.apache.org
> > >
> >
> >
