I agree to a certain extend - i.e. maven is not really the tool to use for license verification, but since dependency management and license management are related issues I'd like to leverage its dependency management ability to solve my license verification needs, but it looks like it stops me from doing so.
The most obvious reason to me for being able to separate deps based on scope is licensing, but it is also feasible to have other reasons, not just licensing. For e.g. compile/runtime deps may be only allowd after they have been subject to vigorous security testing, or a project might want to only allow deps that have been compiled from the original source-code in-house rather than depending on binaries downloaded from a third-party repo. So, yes, my own requirements are licensing-motivated, but I can easily imagine scenarios like the above that have nothing to do with licensing - the real issue is that you could need different restrictions on dependencies based on their scope and separating them into separate repos would be an elegant way to solve this regardless of your motivation for this segragation - be it licensing, security or the phase of the moon. Ishaaq 2008/7/1 Geoffrey Wiseman <[EMAIL PROTECTED]>: > On Mon, Jun 30, 2008 at 4:14 AM, Ishaaq Chandy <[EMAIL PROTECTED]> wrote: > > > Well, not knowing who else uses maven out there I have no reasonable way > to > > verify or deny your claim that this is not useful for 95%. I can only say > > that I find it hard to believe that only 5% of maven users would conform > to > > both of the following criteria - but then again, I don't really know: > > > > Because Maven deals with dependencies, it would be nice to have it work > with > licensing issues, I agree. I think it's also true that what Maven is > intended for (building the project) and what you're hoping to do with it > (enforce licensing policies) are somewhat different, and that may be the > source of some of the conflict. > > There would be other ways to accomplish this -- for instance, if Maven were > aware of the license (if it were published in the POM), you could put > restrictions on dependencies without placing them in different > repositories. > > In any case, I don't know of any easy way to address this with Maven. The > only thing I can imagine is to put your tests in different projects than > your classes to test, and adjust the repositories on a module by module > basis, which would be pretty ugly even if it works. > > - Geoffrey > -- > Geoffrey Wiseman >
