John, I think you've hit the nail on the head here. If you look at it this way, your plugins used are no different than dependencies. It's very dangerous to depend on the latest version of some jar from the repo, and likewise plugins. We don't default to grabbing the LATEST dependency; the same should be true for plugins.

-----Original Message-----
From: John Casey [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 12, 2007 11:00 AM
To: Maven Developers List
Subject: Re: Remove auto-resolution of plugin versions from Maven 2.1

One thing I wanted to add:

To me, it's critical to view your build script (or POM, or whatever binding you have to a build infrastructure) as a piece of the project code. The build - definition, shall we say? - is responsible for modifying your source code into a binary that works the way you would expect, and there are many options for the different steps involved in this process. This complexity means that there is a risk that the build process could introduce unexpected problems that may range from a file being out of place in the resulting binary, to a compiler option turned off that should be on, to using the wrong compiler.

In other words, your build process is subject to bugs just like your project source code is, and needs to be tested alongside everything else. If you wait until release time to exercise a particular piece of this code, that's not so different from having a piece of code with absolutely no tests make it into your final binary. This is the biggest reason why I feel that locking down the POM at release time is dangerous.

-john
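
The concern raised in this thread can be checked mechanically. The following is an added example, not code from either message or from the Maven project: a Python check that lists build plugins with no explicit version and plugins or dependencies whose version floats (`LATEST`, `RELEASE`, or a range). The sample POM is constructed, and the check assumes a single self-contained POM (no parent or `pluginManagement` resolution).

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
FLOATING = {"LATEST", "RELEASE"}  # meta-versions resolved at build time

# Constructed sample POM; artifact names and versions are illustrative only.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId><artifactId>demo</artifactId><version>1.0</version>
  <dependencies>
    <dependency><groupId>junit</groupId><artifactId>junit</artifactId>
      <version>LATEST</version></dependency>
  </dependencies>
  <build><plugins>
    <plugin><artifactId>maven-compiler-plugin</artifactId></plugin>
    <plugin><artifactId>maven-surefire-plugin</artifactId>
      <version>2.3</version></plugin>
    <plugin><groupId>com.example.build</groupId>
      <artifactId>example-plugin</artifactId><version>[1.0,)</version></plugin>
  </plugins></build>
</project>"""

def classify(version, kind):
    """Return why a version is not pinned, or None if it is a fixed version."""
    if not version:
        # A dependency without a version may be managed elsewhere; a plugin
        # without one is left to auto-resolution, which is the thread's topic.
        return "no version" if kind == "plugin" else None
    if version.upper() in FLOATING:
        return "floating version " + version
    if version[0] in "[(":
        return "version range"
    return None

def unpinned(pom_text):
    """List (kind, artifactId, reason) for every entry that is not pinned."""
    root = ET.fromstring(pom_text)
    paths = (("plugin", ".//m:build/m:plugins/m:plugin"),
             ("dependency", "./m:dependencies/m:dependency"))
    findings = []
    for kind, path in paths:
        for node in root.findall(path, NS):
            artifact = node.findtext("m:artifactId", default="?", namespaces=NS)
            version = node.findtext("m:version", default="", namespaces=NS).strip()
            reason = classify(version, kind)
            if reason:
                findings.append((kind, artifact, reason))
    return findings

if __name__ == "__main__":
    for finding in unpinned(SAMPLE_POM):
        print(*finding, sep=": ")
```

Run in CI on every commit, a check like this exercises the build definition continuously instead of only at release time.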