On Mon, Oct 26, 2015 at 11:42 AM, Anders Hammar <[email protected]> wrote:
> You're right, this is the problem. What would need to be done is the
> version to be fixed for the release version (tag).

Do we have any tooling for this? In my imagination, the top pom for a
product to be released could be auto-decorated with dependencyManagement
locks.

>
> /Anders (mobile)
> On 26 Oct 2015 15:55, "Benson Margulies" <[email protected]> wrote:
>
>> Folks,
>>
>> I would appreciate some assistance in thinking through the
>> implications of the use of version ranges.
>>
>> As a thought experiment, consider a loosely-coupled collection of
>> Maven projects, maintained with a semver discipline.
>>
>> Each component has dependencies, and those are written with ordinary
>> dependency elements. No dependency management, no ranges.
>>
>> Maven will resolve version numbers, and the builds will be 100%
>> reproducible. However, the resolution algorithm is not semver, it's
>> doing the tree distance thing.
>>
>> So, to get semver semantics, I might consider adding ranges. However,
>> and here I hope I'm confused, I just lost reproducibility. If someone
>> adds a new version to the repository, a re-run of the build will
>> select it if it satisfies the ranges. Rebuilding from the tag is not
>> the same build.
>>
>> Am I missing something? Could it be that the release process somehow
>> resolves the ranges and writes them into the poms?
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
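
The reproducibility concern discussed in this thread, as an added example that is not part of the original messages and is not Maven's own resolver: a simplified model that picks the highest published version inside a range, shows the result changing once a newer version is published, and emits exact versions in a dependencyManagement block of the kind imagined above. Assumptions: dotted numeric versions only, a single two-bound range per dependency, and hypothetical `com.example:lib-a` coordinates with constructed version lists.

```python
import re

def parse_version(v):
    # Simplification: dotted numeric versions only; trailing zeros ignored (2.0 == 2.0.0).
    parts = [int(p) for p in v.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_range(spec):
    # Accepts one two-bound range such as "[1.2,2.0)" or "[1.5,)"; either bound may be open.
    m = re.fullmatch(r"([\[(])\s*([\d.]*)\s*,\s*([\d.]*)\s*([\])])", spec)
    if not m:
        raise ValueError(f"unsupported range: {spec!r}")
    lo_b, lo, hi, hi_b = m.groups()
    return (parse_version(lo) if lo else None, lo_b == "[",
            parse_version(hi) if hi else None, hi_b == "]")

def in_range(version, rng):
    lo, lo_inc, hi, hi_inc = rng
    v = parse_version(version)
    above = lo is None or v > lo or (v == lo and lo_inc)
    below = hi is None or v < hi or (v == hi and hi_inc)
    return above and below

def resolve(spec, published):
    # Highest published version inside the range, so the answer depends on repository state.
    rng = parse_range(spec)
    ok = [v for v in published if in_range(v, rng)]
    if not ok:
        raise LookupError(f"nothing published satisfies {spec}")
    return max(ok, key=parse_version)

def lock(deps, repo):
    # Resolve each range once, at release time, and record the exact versions chosen.
    rows = []
    for (group, artifact), spec in sorted(deps.items()):
        version = resolve(spec, repo[(group, artifact)])
        rows.append(f"    <dependency><groupId>{group}</groupId>"
                    f"<artifactId>{artifact}</artifactId><version>{version}</version></dependency>")
    return ("<dependencyManagement>\n  <dependencies>\n" + "\n".join(rows)
            + "\n  </dependencies>\n</dependencyManagement>")

# Constructed sample data: hypothetical coordinates and version lists.
KEY = ("com.example", "lib-a")
DEPS = {KEY: "[1.2,2.0)"}
REPO_AT_RELEASE = {KEY: ["1.1.0", "1.2.0", "1.3.1", "2.0.0"]}
REPO_LATER = {KEY: REPO_AT_RELEASE[KEY] + ["1.4.0"]}
```

With the sample data, the same range resolves to 1.3.1 at release time and to 1.4.0 after the later publish, while the block from `lock(DEPS, REPO_AT_RELEASE)` keeps recording 1.3.1.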
