ctubbsii commented on PR #183:
URL: 
https://github.com/apache/maven-apache-parent/pull/183#issuecomment-1905091600

   > > Local builds are affected
   > 
   > Not sure how. Usually local builds are either multi-module or 'installed' 
and do not use snapshot repository anyway.
   
   This isn't always true. For example, Apache Accumulo is configured in 
ci-build Jenkins to publish daily snapshots from the main `accumulo` 
repository. These snapshots can then be used to test Apache Fluo, which is a 
project that builds on top of Accumulo. Similarly, Apache Fluo can be similarly 
configured to publish snapshots so that Apache Rya can use them, and so on. 
People don't always do `mvn install` on everything in their dependency chain 
when they are doing development on a project that builds on other projects. 
That would require a lot of aggregate expertise as you go on downstream, and a 
lot of extra time and wasted effort. Snapshots published for other downstream 
project developers are very useful.
   
   Similarly, if/when a snapshot build of a maven plugin is published, 
downstream projects can test to see if a specific bug in a plugin was fixed 
correctly. The same can happen with Apache commons libraries (I think I 
remember testing a bugfix for commons-vfs2 this way a long time ago).
   
   So, snapshots are very useful for sharing build snapshots between projects. 
They can also be useful across multiple repos in a single project. For example, 
Accumulo also uses our snapshot builds to test our examples repository, and to 
run some more complicated test suites that are stored in a separate testing 
repo.
   
   In short, there's a *lot* of use cases for these published snapshots, and 
developers do not limit themselves to just doing local installs for 
testing/development.
   
   Yes, all of these developers could adapt and start manually configuring all 
their repositories. But that is friction for them, even if it's not for 
everybody.
   
   > 
   > GH actions don't use snapshot repository either.
   
   Yes, absolutely they do. This is precisely how accumulo-testing repo is 
configured to test accumulo snapshots: See 
https://github.com/apache/accumulo-testing/blob/main/pom.xml#L35 and 
https://github.com/apache/accumulo-testing/actions
   
   > 
   > Do you have an example project in mind that you think would be affected? 
How many do you think? Is this a guess or do you have some concrete idea of how 
many projects? and which ones?
   > 
   > I'd be happy to help fix any issues that would arise.
   
   It's not a complexity problem. It's a scale problem. I think most people 
could adapt pretty easily, without any help. It's also just a matter of 
convenience on a large scale (I don't know how large). Most people don't seem 
to be hitting the problems with dependabot that you seem to, and are content 
with the convenience of having it there. It's not causing a problem for 
everybody, and not everybody considers it worth changing, because it's more 
convenient the way it is.
   
   Personally, on a scale of `[-1.0, +1.0]`, I'm probably a `-0.25` opposed to 
this change. I could adapt if it were removed, but I think there's enough 
people with a slightly negative view of this change, that their total 
inconvenience is probably more substantial in aggregate than the few who are 
strongly in favor of this change.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to