-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there,

I am sometimes late on threads but anyways...

| i don't agree, the point of not having a pom there is to be able to
| add one later with the right info. If you work against something
| without pom, hey, it's your decision, but you are aware that it's a
| problem, as all the warnings tell you
I do NOT agree. Adding a jar and later some pom with dependencies is
odd. You should enforce that no artifacts can go to central repro
if they do not come with a proper pom.
To fix the actual problem default poms should be added to
the repository. Further versions of these artifacts can add the
correct dependencies.
Please consider that maven is not just used by open-source users for fun but
also by brute business. If some company is running a deployment
that comes to a wrong result because of dependencies in a
pom that was just added to the repository (e.g. because then a different version
than before was chosen for a dependent artifact), they will flame maven.
Don't we say that maven is also ready for business?
Do you have an idea how much harm the maven community has done to enterprise
(and other) users by releasing buggy plugins?
I do not want to blame anybody! Giving your spare time for open-source is
worth some honor and humans make mistakes. But we should be aware of the
sensibility of our decisions.

Best regards
~  Jörg
|
| On 10/15/07, William Ferguson <[EMAIL PROTECTED]> wrote:
|> Isn't the goal here to stop incessant warnings during a build about
|> trying to downalod a missing POM?
|>
|> The way to do that is to that is to upload a POM for that artifact to
|> the repository.
|>
|> But Nico is right is that the uploaded POM should not break existing
|> builds. Which means that the POM just needs to be bare bones and list no
|> dependencies as the missing POM introduces no deps.
|>
|> So Nico, I'd suggest you create a simple POM with just groupId,
|> artifactId and version and get it uploaded to the repository.
|>
|> Can I also suggest that it is a worthy task to auto generate and upload
|> such POMs for all artifacts in central with a missing POM.
|>
|> William
|>
|>
|> -----Original Message-----
|> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlos
|> Sanchez
|> Sent: Tuesday, 16 October 2007 2:01 AM
|> To: Maven Developers List
|> Subject: [***POSSIBLE SPAM***] - Re: Fix missing POM files - Email has
|> different SMTP TO: and MIME TO: fields in the email addresses
|>
|> sorry, but that's not the case currently. If it has no metadata it can
|> be added, that's why you get warnings when the metadata is missing.
|>
|> On 10/15/07, nicolas de loof <[EMAIL PROTECTED]> wrote:
|>> I fully agree about collaborating and submitting more artifacts to the
|>> repo with good meta-datas. The only issue I can see is about
|>> reproductible builds if those meta-datas change.
|>>
|>> The established rule NOT to change meta-datas after publication
|>> applies IMHO also to artifacts without meta-datas. Anyone providing
|>> metadatas for an artifact that is allready in repo, so that can be
|>> used by many people, will potentialy break there builds, with no way
|>> in maven2 to quickly fix this issue by stopping the transitive
|> dependencies.
|>> Nico.
|>>
|>> 2007/10/15, Carlos Sanchez <[EMAIL PROTECTED]>:
|>>> On 10/15/07, nicolas de loof <[EMAIL PROTECTED]> wrote:
|>>>> I'm not the guy who uploaded castor 1.0 on the maven repo, and I'm
|>>>> also
|>>> not
|>>>> the guy who used it in the project. I came later and have to
|>>>> maintain
|>>> the
|>>>> project now.
|>>> that's collaboration ;) if you want to use something that uses
|>>> castor and want to do it the right way, yes you should contribute a
|>>> pom
|>>>
|>>>> Do you think I should contribute an empty POM just to ensure
|>>>> no-one can latter contribute one with some (maybe) unexpected
|> dependencies ?
|>>> not an empty pom, but it shouldn't take more than 10 min to figure
|>>> out what the dependencies are
|>>>
|>>>> A better solution IMHO should be to have an option for a
|>>>> dependency in
|>>> my
|>>>> POM to excludes all transitive dependencies. The current
|>>>> <exclusion> elements require to list dependencies. With such a
|>>>> feature, a project
|>>> that
|>>>> has legacy reference on a dependency with no POM can simply set
|>>>> no-transitivity to be reproductible in any case.
|>>> that's already filled in jira
|>>>
|>>>> Many artifacts in the repo don't have POMs (from m1 -> m2
|>>>> migration ?)
|>>> not lately but old ones, yes
|>>>
|>>>> Nico.
|>>>>
|>>>> 2007/10/15, Carlos Sanchez <[EMAIL PROTECTED]>:
|>>>>> On 10/11/07, nicolas de loof <[EMAIL PROTECTED]> wrote:
|>>>>>> Warning : This could break existing projects !
|>>>>>>
|>>>>>> My project has a dependency on castor-1.0. This one has no
|> POM.
|>>>>>> If you povide one, rebuilding my app will introduce new
|>>>>>> transitive dependencies that were not expected, and my build
|>>>>>> will become non-reproductible.
|>>>>>>
|>>>>>> Only new release of an artifact can come with a POM.
|>>>>>
|>>>>> mmm, that's not the case, you shouldn't made releases of things
|>>>>> without poms, you should have contributed one already
|>>>>>
|>>>>>
|>>>>>> Nico.
|>>>>>>
|>>>>>> 2007/10/11, Jochen Wiedmann <[EMAIL PROTECTED]>:
|>>>>>>> On 10/11/07, Carlos Sanchez <[EMAIL PROTECTED]> wrote:
|>>>>>>>
|>>>>>>>> http://maven.apache.org/guides/mini/guide-maven-evangelism
|>>>>>>>> .html
|>>>>>>> Quoting from that text:
|>>>>>>>
|>>>>>>> ... unless you provide a pom for it ...
|>>>>>>>
|>>>>>>> I am ready to do that, at least in the cases that harm me.
|>>>>>>> But
|>>> how?
|>>>>>>> Through the standard upload procedure?
|>>>>>
|>>>>> <quote>open an issue at JIRA MEV  with the relevant information
|>>> </quote>
|> ---------------------------------------------------------------------
|> To unsubscribe, e-mail: [EMAIL PROTECTED]
|> For additional commands, e-mail: [EMAIL PROTECTED]
|>
|>
|
|

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHmnvimPuec2Dcv/8RAm1MAJ0enhk25RE+HnobPXMl9Ap7U922KQCfX/tu
S0jzEznAiXh9hBK1V3qK6+Q=
=g77f
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to