I really think it should not be allowed, since it makes the builds less
predictable/reproduceable/secure. Most people I've talked to think it's a bug
when they first see it happening because they are trying to figure out why Maven
is downloading files from a random location on the Internet.
The people who have a corporate policy to only download from central are already
breaking their policy whether they list the alternate repo in settings.xml or it
is added from a dependency.
With that said, I'm ok with having it configurable as Jesse suggests as long as
the default behaviour is to not add the repositories to the build.
Jesse McConnell wrote:
judging from the response I have gotten from people both wanting and
not wanting repositories declared for various integrations with jetty,
the problem folks seem to be ones where their corporate policy dictate
they can not use any repo other then central but they do not have a
repo manager setup.
since we can't rightly force people to install and maintain repository
managers, at first blush I would probably error on the side of a
option in the settings.xml a la offline
<transitiveRepositories>true/false</transtiveRepositories>
jesse
--
jesse mcconnell
jesse.mcconn...@gmail.com
On Wed, Oct 28, 2009 at 07:03, Brett Porter <br...@apache.org> wrote:
I would advocate not allowing them, but using them to provide useful
information in the case of a resolution exception that can easily guide the
user on what to do.
If folks strongly want to continue to allow it, I would go with a prominent
warning (which is the case for several other things now).
As to what the user is guided to do - I assume that is to declare them as
repositories in the current project, or to refer to their repository
manager's documentation to add it there (with this being recommended). In
the long run I'd hope Maven can better handle multiple repositories OOTB (in
a way that still complements the use of a repository manager) - actually I
remember briefly talking to Brian about that at last year's ApacheCon Maven
BOF :) Time flies...
- Brett
On 28/10/2009, at 10:52 PM, Benjamin Bentmann wrote:
Hi,
following a comment by Wendy on JIRA, I wanted to re-check what our plans
are for repositories in dependency POMs. In more detail, how is dependency
resolution in Maven 3.x expected to work here:
project ---depends-on---> A ---depends-on---> B
where the POM of A declares the repository R hosting B.
Now, when it comes to resolve B's POM/JAR (and its transitive
dependencies) in the context of building the project, should Maven 3 also
consider R (like currently done in Maven 2) or only those repositories that
are available for the root of the dependency graph, i.e. the repositories
declared in the POM of the project and the settings?
Besides the question of the degree of backward-compat we want to keep, the
issue with ignoring the repositories declared in dependency POMs I see is
the effect on open source projects and their consumers. If one project
consumes the artifacts of another, do we want the first project to redeclare
all repositories required to resolve the transitive dependencies of the
second project? Some arguments for the other side can be found in [1].
So, where do we want to go with this?
Benjamin
[0]
http://jira.codehaus.org/browse/MNG-4413?focusedCommentId=196344&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#action_196344
[1] http://jira.codehaus.org/browse/MNG-3056
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org
