[
https://issues.apache.org/jira/browse/MNG-7238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17417334#comment-17417334
]
Karl Heinz Marbaise commented on MNG-7238:
------------------------------------------
First based on your question:
{quote}On the other hand should there be a limitation for doing a deprecation
or not?{quote}
Should it be allowed {quote}
If you have a maintainer of a lib should it be allowed for that person to
define "deprecated" or should it also be possible for other people to define
"deprecation" for cases like a maintainer does not answers requests(for
whatever reason) So how could that being handled?
So finally it boils down to the point who can define a component as
"deprecated" apart from the whole technical aspects and possible breaking
parts...
Furthermore If suggest to make changes/enhancements in Neus/Artifactory you
should contact them...you call it a bit of cooperation... which means they have
to implement that in their products...
> Dependency deprecation indicators
> ---------------------------------
>
> Key: MNG-7238
> URL: https://issues.apache.org/jira/browse/MNG-7238
> Project: Maven
> Issue Type: New Feature
> Reporter: Chris Kilding
> Priority: Major
>
> I would like to propose a new Maven feature: dependency deprecation
> indicators.
> In a nutshell, the idea is to let maintainers set a 'deprecated' metadata
> indicator on a Maven artifact in a repository. This will indicate to users
> that the artifact should no longer be used.
> The Maven CLI tools could then react to deprecation indicators in the
> appropriate ways:
> * {{mvn}} itself: Print a warning when deprecated dependencies are seen.
> * Maven Enforcer Plugin: Add a {{<banDeprecatedDependencies>}} rule which
> throws an error when deprecated dependencies are seen. (Also have a 'skip'
> property which allows the rule to be temporarily bypassed if needed.)
> * Maven Dependency Tree: Print a {{[deprecated]}} notice next to any
> deprecated dependency in the tree.
> We can also envisage automated agents like Dependabot or Snyk using these
> indicators to alert developers about deprecated dependencies in their stacks,
> and even assisting developers to remove them.
> Some of the major build tools outside the JVM already have deprecation
> indicators:
> * NPM: [https://docs.npmjs.com/cli/v7/commands/npm-deprecate]
> * Nuget:
> [https://docs.microsoft.com/en-us/nuget/nuget-org/deprecate-packages]
> * Composer:
> [https://tomasvotruba.com/blog/2017/07/03/how-to-deprecate-php-package-without-leaving-anyone-behind/]
> * Cocoapods: [https://guides.cocoapods.org/syntax/podspec.html#deprecated]
> So the feature has precedent, and I believe it would be useful to have in
> Maven.
> This Jira ticket follows up from the conversation "Feature proposal:
> Dependency deprecation indicators" on the maven-dev mailing list.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
