[jira] (MNG-5260) Provide option for obtaining complete dependency hierarchy

Sun, 19 Jan 2014 12:27:59 -0800 

    [ 
https://jira.codehaus.org/browse/MNG-5260?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=338842#comment-338842
 ] 

Jason van Zyl commented on MNG-5260:
------------------------------------

It's relatively easy these days to get full reporting using Aether code 
directly: 
https://github.com/eclipse/aether-demo/blob/master/aether-demo-snippets/src/main/java/org/eclipse/aether/examples/GetDependencyTree.java
                
> Provide option for obtaining complete dependency hierarchy
> ----------------------------------------------------------
>
>                 Key: MNG-5260
>                 URL: https://jira.codehaus.org/browse/MNG-5260
>             Project: Maven 2 & 3
>          Issue Type: Improvement
>          Components: Dependencies
>    Affects Versions: 3.0.4
>         Environment: Any
>            Reporter: Peter Johnson
>            Priority: Minor
>         Attachments: patch_alldeps.txt
>
>
> Our lawyers are keen on us providing them with a list of all open source 
> components in our code so that they can ensure we are properly following the 
> licenses. Since license information is in the POM (well, for most components, 
> but that's another story), and since Maven provides a nice report for and 
> artifact and its dependencies, including the licenses used, we decided to sue 
> that instead of manually coming up with a list (which is what we used to do, 
> needless to say, the manually-generated list was always wrong). Anyway, this 
> worked well until we tried to report on something (such as an EAR) that had a 
> WAR as a dependency. In that case, we got the license info for the WAR, but 
> nothing about any of the components packaged into the WAR. Initially, we 
> though to just run a separate report on the WAR, but that lead to many too 
> many reports and also the need to remember to run all of them (we have a main 
> POM that describes all of the components that make up our product's release, 
> and we wanted to run the report only on that POM).
> So we patched Maven Core such that the includesDependencies property for an 
> artifact type would be ignored (essentially, always false). Now we can get a 
> complete report, including information about dependencies for a WAR, using:
> mvn site -Dall.deps

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to