Aidan Skinner wrote:
On Fri, Jun 26, 2009 at 11:50 AM, Robert Godfrey
<[email protected]> wrote:
I've not used Ivy, so I may be underestimating its cleverness; but I'm
not sure how we can get away without the meta data being in effect a
manually maintained duplicate of data that is mastered elsewhere. In
particular we want/require to build of versions of jars that are in
our repo (so that we can have repeatable builds). Thus the "metadata"
is actually the version information pertaining to the jars that are
actually checked in. Are you saying that Ivy extracts version
information from the checked in jars - or do we have to manually
maintain a list of what jars are at what version?
We already maintain that, albiet build.deps encodes it into the file
name so it's not useful.
The idea is to teach ivy to look in lib/ for the jar, then we maintain
our deps in ivy.xml
Admittedly
commons-lang=lib/commons-lang-2.2.jar
is more concise than
<dependency org="commons-lang" name="commons-lang" rev="2.2"/>
But it's not a huge hardship if we can then guarantee meaningful poms
that are automatically generated.
I don't think we could actually guarantee this. Imagine if there were a
typo in the org part:
<dependency org="commns-lang" name="commons-lang" rev="2.2"/>
This could easily happen, and we wouldn't notice either because we don't
use the org part or we have the same typo in the path to the file on
disk. This would result in a useless pom that could easily get included
into the release artifact and then signed and voted for release. And
once that happens, we can't go back and fix it.
IMHO it's really a bad idea to sign the pom regardless, because even if
it's correct at the time of release, it may become out of date after the
release since it depends on external configuration that may change.
I'm also not sure how we could automatically test this in a reasonable
way without actually firing up maven, and that would sort of defeat the
purpose. I know we could possibly test that ivy can find the remote
dependency without firing up maven, but from what I hear maven and ivy
have different behavior wrt poms and so some poms work with one and not
the other.
--Rafael
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
