[
https://jira.codehaus.org/browse/MNG-5723?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=356187#comment-356187
]
Michael Osipov commented on MNG-5723:
-------------------------------------
I understand but have you tried the following:
You can assing read permissions per repo. So you can grant only a few users
read access to that third party repo and still add it to the group. Put the
thirdparty upfront and it will be searched first.
> Why does maven 3.2 download same artifact multiple times from all
> repositories defined in pom ?
> -----------------------------------------------------------------------------------------------
>
> Key: MNG-5723
> URL: https://jira.codehaus.org/browse/MNG-5723
> Project: Maven
> Issue Type: Bug
> Affects Versions: 3.2.1, 3.2.2, 3.2.3
> Reporter: Ruchir Sachdeva
>
> I have defined 2 repositories in pom.xml like below. One is public and other
> is thirdparty.
> <repositories>
> <repository>
> <id>public</id>
> <name>Nexus - Public Repositories</name>
> <layout>default</layout>
> <url>http://mavenrepo.aaa.net/nexus/content/groups/public</url>
> <releases>
> <enabled>true</enabled>
> </releases>
> <snapshots>
> <enabled>false</enabled>
> </snapshots>
> </repository>
> <repository>
> <id>thirdparty</id>
> <name>Nexus - Third Party</name>
> <layout>default</layout>
>
> <url>http://mavenrepo.aaa.net/nexus/content/repositories/thirdparty</url>
> <releases>
> <enabled>true</enabled>
> <updatePolicy>always</updatePolicy>
> </releases>
> <snapshots>
> <enabled>false</enabled>
> </snapshots>
> </repository>
> </repositories>
> Say there is a dependency called grpId:artId:1.1.0 which I have defined in my
> pom. This dependency is present in both the repositories defined above-
> public and thirdparty
> When I run mvn install I see different behaviours in the way maven downloads
> the grpId:artId:1.1.0 artifact based on the version of maven i am using.
> Behaviours :-
> **1. Using Maven 3.1 and previous versions**
>
> - **a.** Maven looks up the dependency grpId:artId:1.1.0 in 'public' repo
> - **b.** Maven finds the dependency and downloads it.
> - **c.** Maven does not look up the dependency grpId:artId:1.1.0 in
> 'thirdparty' repo as it is already downloaded from previous repository.
> **2. Using Maven 3.2**
>
> - **a.** Maven looks up the dependency grpId:artId:1.1.0 in 'public' repo
> - **b.** Maven finds the dependency in 'public' repo and downloads it.
> - **c.** Maven again looks up the dependency grpId:artId:1.1.0 in
> 'thirdparty' repo even though it is already downloaded from 'public'
> repository.
> - **d.** Maven finds the dependency in 'thirdparty' repo and downloads it
> and overwrites the dependency downloaded from 'public' repo previously
> I wonder why maven is behaving in an absurd manner for maven-3.2. It should
> stop looking further for the dependency which is already resolved and
> downloaded from one repository .
> Is there a way to achieve it using maven 3.2 ?
--
This message was sent by Atlassian JIRA
(v6.1.6#6162)
