For a practical solution... I just stopped using 0's in versions.. maven interprets 1.8 as 1.8.0 then [1.7,1.8) will never match 1.8.1-SNAPSHOT
invariably you don't actually want a third parties release to affect you build because what they consider and breaking change might not be for you therefore you need your own lifecyle for the external dependency. I use composition poms for slf4j it looks like this... http://search.maven.org/remotecontent?filepath=net/stickycode/composite/sticky-composite-logging-api/2.1/sticky-composite-logging-api-2.1.pom All my projects depend on the composite at [2,3) and as I control the lifecycle it always works. I can upgrade the version across all my projects with a new release of the composite. You may note the two point version... personally I don't bother with the patch version, two points is enough, if you break it change the major version and if you don't change the minor. my 2c Michael
