Download from the internet was one of my biggest "fear" as well as versions of underying poms/jars could change which would affect reproducibilty. Additiionally, download from internet could mean you might not be able to build at all if some external site cound not be reached or someone else released a bad version of something.
Happily, with a locally maintained artifacory which is configured to not automatically look for newer versions we do not have these types of problems (any more). Regards, Gord On Fri, Aug 14, 2009 at 1:26 PM, <herve.bout...@free.fr> wrote: > I must admit the "download the internet" effect is true: everybody can see it > when running Maven for the first time on a computer. > Is that really a problem? IMHO no: > - for personal use, this is done only once (and my ADSL line is fine) > - for corporate use, a repository manager is really welcome, yes > > The most problematic thing in this post is build reproducibility: yes, build > reproducibility is crucial, Maven team knows it. > Maven builds are reproducible. > > But back in '2007: people discovered that build reproducibility was not free, > since you had to define a version in your pom for *every* plugin, even those > that you even don't imagine it's really defined in a plugin > (maven-clean-plugin, for example). The myths of a 5-ligns pom.xml being > sufficient, or auto-update of plugins being a kewl feature, were broken ;) > Yes, this was learned the hard way by many people at that time... > > Later, in Maven 2.0.9, default plugins versions were added in Maven core, so > that even a 5-ligns pom.xml gives a reproducible build: if you stick with a > precise Maven version, you'll get the same build. It's not the best way of > ensuring reproducible build, explicitely defining your plugin version is > still better, but it works. > For more information, see [1] Maven 2.0.9 release notes. > > > HTH > > Hervé > > > [1] http://maven.apache.org/release-notes-older.html > > ----- Mail Original ----- > De: "Todd Thiessen" <thies...@nortel.com> > À: "Todd Thiessen" <thies...@nortel.com>, "Maven Users List" > <users@maven.apache.org> > Envoyé: Vendredi 14 Août 2009 14h55:57 GMT +01:00 Amsterdam / Berlin / Berne > / Rome / Stockholm / Vienne > Objet: RE: Broken by design > > > >> We have had some problems with build reproduciblity though. >> But it was because of downloading artifacts. > > Sorry... I meant so say here... It was NOT because of downloading > artifacts... > > Bah. Friday morning... Brain is still not in gear ;-). > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org > For additional commands, e-mail: users-h...@maven.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org > For additional commands, e-mail: users-h...@maven.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
