directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bastiaan Bakker <bastiaan.bak...@enovation.nl>
Subject Re: Doxia
Date Wed, 22 Nov 2006 23:01:43 GMT
On Wed, 2006-11-22 at 10:27 -0800, David Jencks wrote:
...

> I think if you explicitly specify the version of every plugin you use
> you won't need this.  AFAIK existing published non-snapshot artifacts
> haven't ever changed.... no matter what grevious errors they may have.
> So, if you explicitly say which version you want, you will continue to
> get it.
> 
...

Ideally, yes. However unfortunately this is not always true: (even) some
Apache projects violate the principle of never modifying published
releases. 
<rant>
One example that bit me a few weeks ago:
http://www.ibiblio.org/maven2/geronimo/geronimo-kernel/1.1/

As you can see, the timestamp of the POM is much newer than that of the 
corresponding jar. Worse, the updated POM is broken: it contains an
incorrect <type>test</type> qualification (instead of *scope* test) for
the geronimo-qname_1.1_spec dependency, causing your project to suddenly
stop compiling. 
Even worse, the geronimo people don't appear to be concerned to fix
this. They have corrected the trunk but not bothered to release that. 
</rant>

But maven is not helpful either in situations like this: 
a project would either have to 
a) publish a correct POM for the same release, violating the principle
of never modifying published releases (and probably breaking caching
maven proxies that don't refresh POMs)
or
b) publish a new release, which means that al POMs of projects that
depend on it need to be updated to the new release.

To remedy this maven needs a more sophisticated dependency management.
More like RPM for example.

Just my 2 cents...

Cheers,

Bastiaan

 

Mime
View raw message