On 6/30/06, Graham Lea <[EMAIL PROTECTED]> wrote:

> I think what I most want to know is:
> *What is the GOAL of transitive dependencies?*
>
> If the goal is to /stop me having to know about or think about the
> dependencies in use/, it would seem that it doesn't work:
> I still need to know about all the dependencies in use.
> And I need to think about whether the versions of transitive
> dependencies being provided automatically are suitable, or whether I
> should override them.

Maven's transitive dependency mechanism is powerful and convenient...
but it does not absolve you of the responsibility to be aware of what
versions of what libraries you are depending on.

(I don't think you disagree... in your original scenarios, you were
asking how to deal with a security flaw in a transitive dependency and
make sure that you're using the right version.)

Maven provides reports to help you see what dependencies you're
working with, for example:
* http://struts.apache.org/struts-action/struts-core/dependencies.html

--
Wendy
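
The check discussed in this message (knowing which versions of transitive dependencies a build actually resolves) can be automated against the text output of `mvn dependency:tree`. The script below is an added example, not part of the original message or of Maven itself; the coordinates in the sample tree are constructed, the `MIN_VERSIONS` policy is hypothetical, and the version comparison is a numeric simplification of Maven's ordering rules.

```python
import re

# Constructed sample of `mvn dependency:tree` output; all coordinates are made up.
SAMPLE_TREE = """\
[INFO] com.example:webapp:war:1.0
[INFO] +- com.example:web-framework:jar:2.3:compile
[INFO] |  +- com.example:xml-parser:jar:1.2.0:compile
[INFO] |  \\- com.example:logging-api:jar:1.0.4:compile
[INFO] +- com.example:xml-parser-utils:jar:0.9:compile
[INFO] \\- com.example:test-kit:jar:3.8.1:test
"""

# Hypothetical policy: lowest acceptable version per groupId:artifactId.
MIN_VERSIONS = {"com.example:xml-parser": "1.2.5",
                "com.example:logging-api": "1.0.4"}

# Each nesting level is three characters ("|  " or "   ") before "+- " or "\- ".
LINE = re.compile(r"^\[INFO\] ((?:[| ]  )*)[+\\]- (\S+)$")

def version_key(v):
    # Simplification: numeric segments only; qualifiers (e.g. SNAPSHOT) count as 0.
    return [int(p) if p.isdigit() else 0 for p in re.split(r"[.-]", v)]

def is_older(found, minimum):
    a, b = version_key(found), version_key(minimum)
    n = max(len(a), len(b))
    return a + [0] * (n - len(a)) < b + [0] * (n - len(b))

def audit(tree_text, min_versions):
    """Return one finding per resolved dependency that is below its minimum."""
    findings, path = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # root artifact line or unrelated build output
        depth = len(m.group(1)) // 3 + 1
        parts = m.group(2).split(":")  # group:artifact:type[:classifier]:version:scope
        ga, version = f"{parts[0]}:{parts[1]}", parts[-2]
        path[depth - 1:] = [ga]  # path[0] is the direct dependency pulling this in
        minimum = min_versions.get(ga)
        if minimum and is_older(version, minimum):
            findings.append({"dependency": ga, "version": version,
                             "minimum": minimum, "transitive": depth > 1,
                             "via": path[0]})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_TREE, MIN_VERSIONS):
        print(f)
```

A finding marked `transitive` names the direct dependency that brings it in (`via`); the version can then be pinned in the project's own POM, either under `<dependencyManagement>` or as a direct dependency.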
