On Jul 29, 2006, at 10:03 PM, Andrus Adamchik wrote:
On Jul 30, 2006, at 12:41 AM, Craig McClanahan wrote:
There are (at least) two scenarios where I believe there is
legitimate cause
for concern with the way Maven does things:
* You can declare a dependency on a particular groupId/artifactId
combination *without* specifying a version number. The meaning
is something along the lines of "take the latest version you know
about."
Thus, you could unknowingly be declaring a dependency on an
incubating project if "incubating" is only present in the version
number.
This can be alleviated by requiring that "incubating" be part of
the group
or artifact identifier, which I think would be a really good idea.
AFAIK the version still has to be set explicitly in the parent POM.
It certainly fails for me when I remove the version tag from the
dependencies. Maven gurus please correct me if I'm wrong. (I think
only Maven *plugin* versions can be omitted??)
That is my understanding as well. It does leave a loophole where
someone purely using a plugin may not be aware that the project is
incubating but I would expect that if they had reached the level of
using the plugin they would also be using other artifacts from the
project that would be clearly marked.
This would be avoided though if we placed the artifacts in a
different repository (as they would have to explicitly specify the
incubator pluginRepository).
* The harder problem is that Maven2 does transitive dependency
identification. If you declare an explicit dependency on module A,
which itself has a dependency on incubating module B, you're not
going to know that you are depending on incubating code unless
you are very careful about analyzing the entire set of POMs for all
your dependencies (or you generate the website and analyze the
dependency report that is produced there).
That was the case that I described. My understanding is that the
roots of the policy requiring to include a clear indication that
the code is incubating is to alert the users of the differences
between "Apache software" and "incubating Apache software".
AFAIK having a separate repository would not achieve this as the
repository definition would also be extracted from the first level
dependency's POM - in other words the transitive dependency would
automatically be downloaded from the incubator repository with no
action taken by the user.
So my earlier point was that if Maven downloads a transitive
dependency that is third or higher degree from the root, users
either do not know that they got anything "Apache" at all (so no
unintended misrepresentation of the incubating code takes place),
of if they do - they will clearly see the "incubating" suffix in
the Maven log or local repo directory name, or the jar file name,
or any other number of ways. Therefore having "x.x-incubating" in
the version number seems sufficient.
Perhaps it would suffice to make it ASF policy that no official
project should have a dependency on a incubating one (or such a
dependency would be scoped as provided so that the user would have to
explicitly include it). Outside the ASF we have very little control
over what people do with the artifacts, although we might ask them to
preserve the incubating status.
--
Jeremy
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
