On Mon, Mar 16, 2026 at 12:42 PM Elliotte Rusty Harold <[email protected]> wrote:
> The problems pop as soon as you attempt to use XSLT, XPath, XInclude, > XSD, or any other general purpose XML tool to process pom.xml files. > If you don't do that and only use Maven's own libraries, you might > never encounter problems. However, this removes a large ecosystem of > well developed and supported libraries from our toolboxes. Not > everyone uses these tools, but those of us who do really miss them. > > This will be more relevant to developers working on Maven itself and > with non-Maven projects that rely on the Maven repository system (e.g. > Gradel, bazel) than to Java developers who are simply building their > projects with Maven. The latter won't have an obvious problem, but > they will have fewer tools others have built for them, and progress on > the tool they are using will be slower because Mavend developers can't > use generic XML tools to do generic XML things and have to burn time > and resources on more difficult solutions. > > Beware the Availability Heuristic. Just as an aside (no intention to hijack the discussion), at €€€ job we use the versions plugin to discover new versions of plugins and dependencies. But we also have a manual system in place that prevents automatically updating specific versions because several dependencies can only be upgraded in tandem. I wanted to add a new namespace for our POM annotations that would record those objections, but that fails the build as Maven is unable to parse the POM file. So we opted to add comments and have our own updating tool: <!-- OWP: "dep":"org.codehaus.plexus:plexus-cipher", "reason":"2.1.0 en 3.0.0 are incompatible with shrinkwrap-resolver 3.3.2" --> and <!-- OWP: "dep":"org.codehaus.plexus:plexus-sec-dispatcher", "reason":"3.0.0 t/m 4.1.0 are incompatible with shrinkwrap-resolver 3.3.2" --> Of course we could opt to add these to the version-rules.xml, but then we don't get notified of updated versions, and version-rules doesn't have a notion of "these two need to be updated in tandem". It would be awesome if we were able to add such annotations to the pom files using proper XML tools (e.g. our own namespace), although that might be more painful than what we currently have. Martijn
