[ 
https://issues.apache.org/jira/browse/MNG-7906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17813877#comment-17813877
 ] 

Guillaume Nodet commented on MNG-7906:
--------------------------------------

I understand better, and I agree that the fact Maven does not enforce any 
compatibility policy can lead to wrong results.  But I would point out that it 
has been the case for 20 years and I had not heard much complaint about it.

Another point worth mentioning is that Maven also operates under the assumption 
that everything uses a flat class loader, which actually leads to the first 
point.  If we consider the OSGi world, the system allows multiple versions of 
the same artifact…

Another point about the compatibility policy: this would have to be defined in 
the POM, but I’m not sure that using semantic versioning is a good idea, as 
those are just guidelines and may not reflect the reality.  If we were to add 
something to the POM, I think each artifact should have a way to tell with 
which artifact it is backward compatible: i.e. when publishing version X, it’s 
mainly about indicating which version Y <= X to define a compatibility range.  
If using semver, it would be the previous major version.  But this would need a 
way to force a version anyway.  This is quite a tricky area…

> Dependency Management import does not work the "maven way"
> ----------------------------------------------------------
>
>                 Key: MNG-7906
>                 URL: https://issues.apache.org/jira/browse/MNG-7906
>             Project: Maven
>          Issue Type: Bug
>          Components: Dependencies, Documentation:  General
>            Reporter: Tamas Cservenak
>            Priority: Major
>             Fix For: 4.0.x-candidate
>
>
> This affects all released Maven versions so far.
> Problem reproducer: https://github.com/cstamas/MNG-7852 (repo name is wrong, 
> obviously).
> In short: unlike with dependencies, where you CAN override some "deep 
> transitive" dependency by re-declaring it directly as 1st level dependency in 
> POM, for depMgt import this does not work, actually, it works quite the 
> opposite ("first comes, wins"). Moreover, Maven remains silent about this, as 
> reproducer shows, and all of this goes unnoticed.
> Solution: at least depMgt import should make "the maven way", maybe not by 
> default (to not break existing builds) but configurable. Problem is solved if 
> in reproducer:
> - with fix enabled, junit 5.9.3 is used, AND
> - with fix disabled, Maven yells about ignored depMgt import


