ctubbsii commented on PR #183: URL: https://github.com/apache/maven-apache-parent/pull/183#issuecomment-1877686303
> > A lot of projects rely on this being already set up > > Understandable, but since these upgrades don't happen automatically and "fail fast", I don't see this as a big issue. I don't see this as "fail fast"... bumping the parent version is trivial, but the requirement that every user on a project set up a repository in their local workspace or in each project and in any automated builder environment, like Jenkins, can happen later, when a non-reactor snapshot is added (typically done while testing a bugfix in a dependency prior to that dependency's release, or when co-releasing projects at the same time). After reading all the arguments listed in favor of this, I think it boils down to: 1. Weird behavior with dependabot that seems to only affect a few people, for which there is a workaround, and 2. General advice against doing it because it could be slow... but this argument falls flat when the suggestion is that everybody still needs to set it up locally, and this doesn't come in at all for releases, which don't depend on snapshots. I'm just not convinced by the arguments in favor of doing this, and worry about the impact. It's been this way for so long, without any problems whatsoever. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
