Ishaaq Chandy wrote:
> Hmm, so in short you're telling me that I should completely lock down my
> build process simply because maven can't differentiate between plugin deps,
> test deps and compile/runtime deps.
>
> Look, I know I'm starting to sound like a whining complainer and I wouldn't
> blame you if you got annoyed, but look at it from my perspective: put aside
> for a moment what maven can and can't do, and how it implements dependency
> management. Now consider this:
>
> 1. Legally, it makes sense to vet all the compile-time and runtime
> dependencies of a distributable product (commercial or otherwise).
>
> 2. The build processes, the tests, the metrics are all internal processes
> and are not part of the distributable product, in some scenarios the
> restriction on the artifacts used to produce these can be different from
> those on the compile/runtime deps. In my commercial scenario, having to
> process, lock-down and manage each of these deps using the same stringent
> procedures used to vet normal compile/runtime deps is just needless
> make-work - there is no legal requirement to subject my dev team to this.
>
> Now, it would be perfectly reasonable to state that maven does not do what I
> need it to do, that the maven developers are not interested in solving this
> scenario and that I should look elsewhere.

Well, your scenario is somewhat strange. In such an environment one major QA
goal is normally the reproducibility of a release. Without the locking down,
your build environment can change even for tagged and released code
arbitrarily and the result of a repeated build is no longer deterministic.

> I guess that what I was just hoping for was that these would in fact be
> considered reasonable requirements; not as niche as, it turns out, you
> obviously think they are and that, on the contrary, there is a way to solve
> this using maven. Unfortunately, given your answers, it seems to be that
> this is not the case. A pity.

For me it does simply not make sense to have the repo requirement without the
locked versions. Maybe that's the reason why your use case is unique, nobody
has asked for it yet and Maven only supports the scenario in combination with
the locked versions.

- Jörg
