On 18.05.2011 23:21, Heck, Gus (Patrick) wrote:
> In our company, our
> policies make it very important that I know exactly what is going into
> the project, so I can't just let maven go slurping things up from
> anywhere it feels like on the web.

In a network allowed to access the outside world:

- clean out your local repository (rm -rf ~/.m2/repository)
- run your build
- review what's inside your local repository and decide whether that's okay according to your policies

The other way round (upload everything which is needed manually) completely thwarts the idea of automatic dependency management.

To make it short: this is probably a dead end. The approach you outlined would mean to download and build from source each and every project your build is depending upon. Unless you are a world-class-superhero-build-and-release-manager with a lot of spare time, or your project has only a tiny set of (transitive) dependencies, this probably won't work. I doubt one person can accrue the knowledge required to build all these software modules which get deployed to the central maven repository in a reasonable time.

If you don't believe, run mvn dependency:tree on your project, this will give you the dependency tree for compile-time dependencies. Add to this the test-dependencies needed to execute the tests of your compile-time dependencies which happens before packaging (i.e. you won't get a JAR if the tests don't run). If this is not enough to stop you from pursuing your initial approach, add all the maven plugins which make up your build system, and their dependencies.

Best regards
Ansgar
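The review step in the list above can be scripted. This is an added example, not part of the original message: it walks a local repository after a clean build, derives groupId:artifactId:version from the standard directory layout, hashes each .pom/.jar, and reports coordinates missing from an approved list. The function names, the `org.example` artifacts and the approved set are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def inventory(repo_root):
    """Map 'groupId:artifactId:version' -> {file name: SHA-256} for each .pom/.jar."""
    root = Path(repo_root)
    found = {}
    for f in sorted(root.rglob("*")):
        if not f.is_file() or f.suffix not in (".pom", ".jar"):
            continue  # skip checksum, metadata and resolver tracking files
        parts = f.relative_to(root).parts
        if len(parts) < 4:
            continue  # layout is <group dirs>/<artifactId>/<version>/<file>
        *group, artifact, version, name = parts
        gav = f"{'.'.join(group)}:{artifact}:{version}"
        found.setdefault(gav, {})[name] = hashlib.sha256(f.read_bytes()).hexdigest()
    return found

def unapproved(found, approved):
    """Coordinates the build pulled in that are not on the approved list."""
    return sorted(set(found) - set(approved))

def make_sample_repo(root):
    """Constructed sample data: two hypothetical artifacts in repository layout."""
    for rel in ("org/example/app-core/1.0/app-core-1.0.jar",
                "org/example/app-core/1.0/app-core-1.0.pom",
                "org/example/demo-lib/2.1/demo-lib-2.1.jar",
                "org/example/demo-lib/2.1/demo-lib-2.1.jar.sha1"):
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(rel.encode())  # placeholder bytes, not a real artifact
    return root

if __name__ == "__main__":
    # For a real review, pass Path.home() / ".m2" / "repository" instead of the sample.
    with tempfile.TemporaryDirectory() as tmp:
        found = inventory(make_sample_repo(tmp))
        approved = {"org.example:app-core:1.0"}  # hypothetical policy list
        for gav in unapproved(found, approved):
            print("NOT APPROVED:", gav, found[gav])
```

Because plugins and their dependencies are downloaded into the same local repository, the inventory covers them as well as the project's own dependencies.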