Howdy, just a short pointer to published BOMs: https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/4.0.0-rc-2/
Here you can inspect generated "fat" and "skinny" BOMs Maven4 build produces. T On Sat, Jan 25, 2025 at 2:10 AM Tamás Cservenák <ta...@cservenak.net> wrote: > > Howdy, > > The story of BOM POMs is manifold. > BOM POMs are a "very good thing" to publish for _downstream consumers_ > that consume your stack. > Problems begin when devs try to "reuse" the BOM within their own build > (same reactor BOM is published from). > > If consuming BOM, it should ideally come from outside (external to) > your reactor. > If you use "import" scope within the reactor, it is where (does not > have to, IF you are VERY careful) problems begin. > Moreover, you usually want to "detach" the BOM from your parent POM, > that even more introduce peculiarities and problems > (ie. how to deploy it? So you now introduce some "skinny" parent, etc) > > Hence, the general rule of thumb is: > - BOM is good per se > - BOMs you consume should _always_ originate from outside of the > reactor (simply to avoid all the problems). > - BOMs you produce should target downstream consumers ONLY > > Moreover, Maven 4 has a capability now (not in Maven3!) to _import BOM > with classifier_. > > Hence, with Maven4 (obviously, this makes build maven4 only), the > preferred way to do things is: > - sort out dependencies in reactor "as usual", using INHERITANCE > - do NOT re-import BOM within reactor > - BOM you author/publish should be used ONLY by downstream projects > - generate your BOM > > As an example, you can look at Maven build itself: > - it generates BOM > - offers two BOMs: skinny and fat > > And here comes the second important bit: there is a disagreement (or > different interpretation) about "what BOM is". > Hence, Maven itself delivers TWO BOMs: skinny and fat. See [1] for > explaining what "skinny" and "fat" BOMs are. > > [1] https://github.com/apache/maven-site/pull/598#discussion_r1894013277 > > HTH > T > > On Sat, Jan 25, 2025 at 1:50 AM Olivier Lamy <ol...@apache.org> wrote: > > > > Hi, > > Nice presentation. > > I have been asking on slack but no answer, so I still don't understand why > > this > > " Warning: Same-reactor BOMs will be deprecated (use external BOMs only!` ?" > > > > It's very convenient for large projects providing boms to have > > demos/examples as part of their build. > > And obviously, those demos/examples use the bombs to show good usage > > (in my case, the Jetty project). > > So why is it such a problem? > > > > On Thu, 23 Jan 2025 at 01:25, Tamás Cservenák <ta...@cservenak.net> wrote: > > > > > > Howdy, > > > > > > Lately, we get this question quite often. > > > > > > Today Guillaume assembled this very informative presentation: > > > https://gnodet.github.io/maven4-presentation/ > > > > > > There is also ongoing effort to assemble a page on Maven site as well: > > > https://github.com/apache/maven-site/pull/598 > > > > > > Have fun > > > T > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > > > For additional commands, e-mail: dev-h...@maven.apache.org > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > > For additional commands, e-mail: dev-h...@maven.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org