Hello everybody, I commented on some recent pull requests on the gerrit-trigger-plugin [1], [2], where the requester added http://repo.jenkins-ci.org and http://download.eclipse.org/jgit/maven, so all required artifacts may be downloaded directly without fiddling around with her settings.xml as suggested in the Plugin Tutorial [3].
Now while one might argue that having repo.jenkins-ci.org in a plugin's pom might do no harm, as you need the repository anyway, I am feeling uncomfortable adding repositories not under control of the jenkins community. As stated on the sonatype page [4] having repositories defined in a pom is under most circumstances not a good thing. Imagine the jgit repository is not available or moved to another location. Then the build will fail or worse we will not be able to build the plugin at all. As plugins are mostly end products at least getting bad or broken artifacts from foreign repositories might not be a problem, we have been bitten by this a few times hunting down broken oracle jdbc jars from defective repositories included in libraries' poms. I guess most companies have a policy like ours, that all dependencies should come through a mirror of the original repository. I would therefore suggest to instantiate a thirdparty repository in repo.jenkins-ci.org where needed dependencies not available from central or directly from repo.jenkins-ci.org are mirrored. For repositories with loads of needed artifacts maybe a complete mirror for these repositories would be a good thing to have. I see this will have the consequence of forcing people using dependencies not available from central to upload them firstly into the above mentioned thirdparty repository but think it will make developing plugins a more stable experience in the long run. What do you think? Am I to pessimistic? Regards Mirko [1] https://github.com/jenkinsci/gerrit-trigger-plugin/pull/17 [2] https://github.com/jenkinsci/gerrit-trigger-plugin/pull/15 [3] https://wiki.jenkins-ci.org/display/JENKINS/Plugin+tutorial [4] http://www.sonatype.com/people/2009/02/why-putting-repositories-in-your-poms-is-a-bad-idea/ -- http://illegalstateexception.blogspot.com/ https://github.com/mfriedenhagen/ https://bitbucket.org/mfriedenhagen/
