Re: lock down plugin versions in enterprise poms?
Thanks all, we know where to go from here!

On Tue, May 4, 2010 at 6:03 PM, Jesse Farinacci jie...@gmail.com wrote:

> Hi Ravi,
>
> On Tue, May 4, 2010 at 7:01 PM, Ravi Luthra cod...@gmail.com wrote:
>> I've heard that locking down the plugin version is a bad practice
>> mostly because of major versions of Maven being released. Is this
>> really a bad practice?
>
> Not only is it a best practice, but there is support for you to ensure
> you've done your job well[1] as well as locate new versions of plugins
> for you to upgrade onto.
>
> [1] http://maven.apache.org/enforcer/enforcer-rules/requirePluginVersions.html
> [2] http://mojo.codehaus.org/versions-maven-plugin/display-plugin-updates-mojo.html
>
>> What consequences would we face if we locked down our versions and
>> upgraded them on our own, rather than allowing Maven to choose for us?
>
> The only consequence would be that you'd not pick up any critical plugin
> updates due to bad plugins, but I'm not very convinced by this. Usually
> monitoring for [ANN] on maven-users is sufficient to keep abreast of
> changes.
>
> -Jesse
>
> --
> There are 10 types of people in this world, those
> that can read binary and those that can not.

- To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
lock down plugin versions in enterprise poms?
At our company we maintain a top-level enterprise pom that all projects inherit. We're considering adding versions to lock down our plugin versions. What we are trying to avoid is having our build break because of a third-party plugin upgrading on us unexpectedly.

I've heard that locking down the plugin version is a bad practice mostly because of major versions of Maven being released. Is this really a bad practice?

What consequences would we face if we locked down our versions and upgraded them on our own, rather than allowing Maven to choose for us?

Thanks,
Ravi
Re: lock down plugin versions in enterprise poms?
On 5 May 2010 00:01, Ravi Luthra cod...@gmail.com wrote:

> At our company we maintain a top-level enterprise pom that all projects
> inherit. We're considering adding versions to lock down our plugin
> versions. What we are trying to avoid is having our build break because
> of a third-party plugin upgrading on us unexpectedly.
>
> I've heard that locking down the plugin version is a bad practice mostly
> because of major versions of Maven being released. Is this really a bad
> practice?

You heard wrong. Locking down the plugin versions is best practice.

> What consequences would we face if we locked down our versions and
> upgraded them on our own, rather than allowing Maven to choose for us?
>
> Thanks,
> Ravi
Re: lock down plugin versions in enterprise poms?
You should lock down plugin versions in your enterprise pom. Whoever told you otherwise was on crack.

Justin

On May 4, 2010, at 7:01 PM, Ravi Luthra cod...@gmail.com wrote:

> At our company we maintain a top-level enterprise pom that all projects
> inherit. We're considering adding versions to lock down our plugin
> versions. What we are trying to avoid is having our build break because
> of a third-party plugin upgrading on us unexpectedly.
>
> I've heard that locking down the plugin version is a bad practice mostly
> because of major versions of Maven being released. Is this really a bad
> practice?
>
> What consequences would we face if we locked down our versions and
> upgraded them on our own, rather than allowing Maven to choose for us?
>
> Thanks,
> Ravi
Re: lock down plugin versions in enterprise poms?
It is totally best practice to lock your plugin versions and much more down. Depending on the usage of your company pom and the content you could even introduce a company super pom. Have a look here for what I mean.

http://www.mosabuam.com/2009/10/company-super-pom-a-maven-practice

manfred

> At our company we maintain a top-level enterprise pom that all projects
> inherit. We're considering adding versions to lock down our plugin
> versions. What we are trying to avoid is having our build break because
> of a third-party plugin upgrading on us unexpectedly.
>
> I've heard that locking down the plugin version is a bad practice mostly
> because of major versions of Maven being released. Is this really a bad
> practice?
>
> What consequences would we face if we locked down our versions and
> upgraded them on our own, rather than allowing Maven to choose for us?
>
> Thanks,
> Ravi
Re: lock down plugin versions in enterprise poms?
Hi Ravi,

On Tue, May 4, 2010 at 7:01 PM, Ravi Luthra cod...@gmail.com wrote:

> I've heard that locking down the plugin version is a bad practice mostly
> because of major versions of Maven being released. Is this really a bad
> practice?

Not only is it a best practice, but there is support for you to ensure you've done your job well[1] as well as locate new versions of plugins for you to upgrade onto.

[1] http://maven.apache.org/enforcer/enforcer-rules/requirePluginVersions.html
[2] http://mojo.codehaus.org/versions-maven-plugin/display-plugin-updates-mojo.html

> What consequences would we face if we locked down our versions and
> upgraded them on our own, rather than allowing Maven to choose for us?

The only consequence would be that you'd not pick up any critical plugin updates due to bad plugins, but I'm not very convinced by this. Usually monitoring for [ANN] on maven-users is sufficient to keep abreast of changes.

-Jesse

--
There are 10 types of people in this world, those
that can read binary and those that can not.
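
The setup recommended in this thread, as an added example that is not part of any of the posts: a parent POM that pins plugin versions in pluginManagement and uses the requirePluginVersions enforcer rule from link [1] to fail any build that still has a floating plugin version. The com.example:enterprise-parent coordinates and the PINNED-VERSION placeholder values are assumptions; replace each placeholder with the exact release you have reviewed.

```xml
<!-- Added example: company parent POM. Coordinates and version values are placeholders. -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>enterprise-parent</artifactId>
  <version>1</version>
  <packaging>pom</packaging>
  <properties>
    <!-- Placeholders: one property per plugin, set to a reviewed release. -->
    <compiler.plugin.version>PINNED-VERSION</compiler.plugin.version>
    <enforcer.plugin.version>PINNED-VERSION</enforcer.plugin.version>
  </properties>
  <build>
    <pluginManagement>
      <plugins>
        <!-- Child projects inherit these versions instead of letting Maven choose. -->
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-compiler-plugin</artifactId>
          <version>${compiler.plugin.version}</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-enforcer-plugin</artifactId>
          <version>${enforcer.plugin.version}</version>
        </plugin>
      </plugins>
    </pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <executions>
          <execution>
            <id>enforce-plugin-versions</id>
            <goals><goal>enforce</goal></goals>
            <configuration>
              <rules>
                <!-- Fails the build for any plugin used without an explicit version,
                     so every plugin the build uses needs a pluginManagement entry. -->
                <requirePluginVersions>
                  <banLatest>true</banLatest>
                  <banRelease>true</banRelease>
                  <banSnapshots>true</banSnapshots>
                </requirePluginVersions>
              </rules>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
```

The enforce goal binds to the validate phase by default, so the check runs at the start of every build of a child project. Running `mvn versions:display-plugin-updates` (link [2]) lists newer plugin releases so the pinned versions can be upgraded deliberately.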