maven-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Barrie Treloar" <>
Subject Re: [IMPORTANT] Maven 2 Plugin Auto-Versioning Considered Dangerous
Date Wed, 11 Apr 2007 22:51:31 GMT
On 4/12/07, John Casey <> wrote:
> Here's an example:
> Having created this project with its assembly descriptor, but WITHOUT A
> time later, after the next version of the assembly plugin fixes this bug, a
> user comes along. He installs Maven, checks out my project, and tries to
> build. Without a single line of code changing in my project, the build
> fails, because his Maven instance resolved the plugin to the newer version.
> I cannot replicate his failed build, because my assembly-plugin version had
> not been updated (I didn't use -U during the build).

This is how I see things:

User checks out HEAD, then they are living on the bleeding edge and
the project develoeprs should be able to reproduce the user problems
since a mvn -U will bring all plugins in line with a new users.

User checks out TAG, then the tagged pom.xml should automatically be
transformed as part of the release process to lock down and specify
everything to make the build reproducible.  If you are building this
project 20 years from now (and assuming central hasn't been blown away
and lost old plugins) then you can rebuild the project as you are
using known versions for everything.  It does not matter that newer
versions of the plugins are available, they are never used.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message