Steve Loughran wrote: > Xavier Hanin wrote: >> On 11/8/06, Steve Loughran <[EMAIL PROTECTED]> wrote: >> >> Both systems, by default, should check for updates to the >>> metadata on a regular basis, because it does take a while to stabilise. >>> >>> I'm not sure about this point... well, I'm not opposed to the idea, >>> but it >> requires more reflexion. IMO metadata should never be modified, >> except in >> way that ensure backward compatibility, because it's the only to ensure >> build reproducibility over time, which is a key concept IMO. So making a >> check for updates a default may encourage updates. But if we find a >> way to >> ensure that an update is backward compatible, then it would make more >> sense >> to me. But maybe this is not applicable for a public repository like >> the one >> maven has. So maybe the default should simply be different for a public >> repository and for a private/home made one. >> >> Xavier >> > > > I understand that everyone wants stable, flawless metadata, but it > doesnt happen. With what we have today, the tools' caches stay frozen > the moment they do their first fetch, so if things change then old > machines never pick up the problem. Case in point, some of our > machines here had a commons-logging that included log4j and logkit, > even though they are now marked as optional in the pom. as a result, > different machines build differently. > > We need to recognise that infallibility-of-metadata is an unrealistic > ideal and adapt to it. I would more agree with Xavier, and believe that if the metadata in the POM or ivy.xml is wrong, there should be a new release with a new version number.
Otherwise, you can start tweaking everything everyday no ? Antoine
