Hi, I'd like to throw in my 2 cents. The maven repository was (as I recall) started back in the Maven 1.x days, when people didn't REALLY do ANY dependency management. Since then, the repository grew, Maven1.x grew and grew. A while later, Maven 2.x was released, and AFAIK the Maven 2.xrepository is a conversion of m1's repository. One of the biggest advantages and DRAWBACKS of the m2 repo is that *there is no removal or modification of existing artifact versions" to preserve backward compatibility. This is a valid argument - but it is also our achiles' heel, due to the amount of bad metadata already there.
Perhaps it is time we put all our knowledge we at the maven community have acquired over time regarding PROPER dependency management and declaration, in order to create a new project CLEAN repository, where all groups are really mapped to actually owned domain names (no more "xerces" groupId, for instance) and all metadata is validated and agreed upon. Start afresh. I've noticed the "http://repo1.maven.org/maven2-repoclean-java.net/"; repository, which seems like a nice starting place, though I'm not sure what it's for, really. What do you think? On 5/5/07, Carlos Sanchez <[EMAIL PROTECTED]> wrote:
We are really aware of these problems, and it's not just Maven, Ant, Ivy and other tools also make use of the repository. There are mailing lists [EMAIL PROTECTED] (for ASF repository) and [EMAIL PROTECTED] (for the whole central repo). i'd just point to http://maven.apache.org/guides/mini/guide-maven-evangelism.html http://maven.apache.org/guides/mini/guide-central-repository-upload.html to fix problems when the original projects don't care about the repository On 5/4/07, Joerg Hohwiller <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi there, > > I am seeing more and more the need that the community takes better control over > what is dumped into the central repo. This seems to get more and more like a > rubbish dump. There are duplications of the logically same artifacts. This > causes extremly ugly situations in projects with a high level of integration, > because you may end up with the same code multiple times in your classpath. > > To point this out just two examples: > > javax.persistence with 3 different groupId's: > http://repo1.maven.org/maven2/javax/persistence/ > http://download.java.net/maven/1/javax.ejb/jars/ > > spring: > http://repo1.maven.org/maven2/org/springframework/ > there is an all-in-one actifact (spring) > as well as fine modularized artifacts (spring-core, etc.). > > You might say that this is the problem of the projects producing such artifacts. > If you ask me this is also a question about wether maven2 is a real success or > not. In such situations I hear many people scream that dependency management is > the gate to hell. It is definetly not, but you get punished by the bad work of > the others. And if you look at the zoo of senseless dependecies of apache > artifacts such as xerces or some of the commons it is really a pitty! > > Please also consider that it is NOT an option to remove or modify an artifact > from the central repository. There is the need to tripple-think about it before > adding an artifact to the central repository ESPECIALLY if the one putting it > into the repository is NOT the creator of the artifact. > > I am already active on the mailing-lists of several other open-source projects > trying to convince the people about the need and the impact of maintaining their > artifacts properly themselves for being uploaded to ibiblio. > It is somewhat strange that even apache-projects like lucene or POI dont think > much of maven and need to be convinced that it is worth the effort of providing > valid and senseful POMs for their artifacts and staging them to ibiblio. > For lucene I provided the POMs for some contrib half a year ago and nothing > happened so far. > > Greetings from a maven fan that is a little frustrated > Jörg > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.5 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFGO5dymPuec2Dcv/8RAhS7AJsFQK0ro4tECUhvtdqXNJ2GYy2WgACdGBXY > igNS02rPP8PH1lA1rVYiIJg= > =9+xA > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- I could give you my word as a Spaniard. No good. I've known too many Spaniards. -- The Princess Bride --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
