[
https://jira.codehaus.org/browse/MENFORCER-51?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=326272#comment-326272
]
Robert Scholte commented on MENFORCER-51:
-----------------------------------------
Although this may look like a nice feature, there's a potential danger here.
Suppose the latest version of a parent/dependency/plugin introduces a bug,
which is exposed during the build-time of your project, then you can't
build/test/package (and release!) it.
Or even worse: the latest version introduces a security-bug at runtime without
being noticed. Once it is in your local repo you're doomed.
In my opinion this should be solved the repository manager. There you should be
able to specify version-ranges which can or cannot be used. When _deploying_
your project, the repository manager should analyze the pom.xml for blacklisted
dependencies/plugins/parents and fail the deploy in such case.
> build failure in case of available updates
> ------------------------------------------
>
> Key: MENFORCER-51
> URL: https://jira.codehaus.org/browse/MENFORCER-51
> Project: Maven 2.x Enforcer Plugin
> Issue Type: Wish
> Components: Standard Rules
> Reporter: Tomasz Pik
>
> It would be useful to have a possibility to fail build if there's an update
> of given dependency.
> In some way it would 'solve' problem of 'how to depend of latest stable
> version of my company parent pom' problem - build would just not pass
> if there's an update.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
