Subject: RE: fatal dependency management flaw in maven?
Date: Mon, 30 Jun 2008 14:12:38 -0400
From: "Brian E. Fox"
To: "Maven Users List"

>Hmm, so in short you're telling me that I should completely lock down my
>build process simply because maven can't differentiate between plugin deps,
>test deps and compile/runtime deps.

No, only because it will save you hassle later.

Another thing to consider is that regardless of what decisions are made about artifacts when they are retrieved from the remote repository, once they are in your local repo, that level of checking is gone. So for example if a test uses GPL artifact A, it's now in everyone's local repo so later if the product uses the same artifact A...there will be no checking done on the repository manager nor segregation based on what the remote repository settings are.

There are some proposals on the table to further break down the local repo and until those are implemented, this use case can't really be fully handled...regardless of the implementation of scope based repos.

--Brian
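The caching behaviour described in the message above, as an added toy model that is not part of the original e-mail and is not Maven code. The class names, the per-scope policy table and the artifact coordinates are all hypothetical, and the `segregate=True` variant is only one assumed way a local repo could be broken down, not the design of the proposals the message mentions.

```python
# Toy model (constructed for illustration, not Maven code).
A = "org.example:artifact-a:1.0"  # constructed coordinates
REMOTE = {A: "GPL"}  # license recorded on the remote side
# Hypothetical policy: GPL is tolerated for tests, denied for shipped code.
DENIED = {"compile": {"GPL"}, "runtime": {"GPL"}, "test": set()}


class RepositoryManager:
    """Remote side: the only place the license policy is enforced."""

    def __init__(self):
        self.requests = []  # (coords, scope) pairs the manager actually saw

    def fetch(self, coords, scope):
        self.requests.append((coords, scope))
        if REMOTE[coords] in DENIED[scope]:
            raise PermissionError(f"{coords} denied for scope {scope}")
        return f"bytes-of-{coords}"


class LocalRepo:
    """Cache in front of the manager. segregate=False keys by coordinates only
    (the shared local repo in the message); segregate=True also keys by scope."""

    def __init__(self, manager, segregate=False):
        self.manager, self.segregate, self.cache = manager, segregate, {}

    def resolve(self, coords, scope):
        key = (coords, scope) if self.segregate else coords
        if key not in self.cache:  # only a cache miss reaches the policy check
            self.cache[key] = self.manager.fetch(coords, scope)
        return self.cache[key]


def compile_after_test(segregate):
    """Resolve A for a test, then for compile; return outcome and audit trail."""
    mgr = RepositoryManager()
    repo = LocalRepo(mgr, segregate)
    repo.resolve(A, "test")
    try:
        repo.resolve(A, "compile")
        outcome = "served-from-cache"
    except PermissionError:
        outcome = "blocked"
    return outcome, mgr.requests


if __name__ == "__main__":
    print(compile_after_test(False), compile_after_test(True))
```

With the shared cache, the manager's audit trail holds only the test-scope request, so the later compile-scope use of the same artifact is never checked.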