On 05/07/2012 10:59 AM, Wayne Fay wrote:
Am I mistaken to think that a
<mirrorOf>*</mirrorOf>
in my settings.xml will stop Maven from reaching a repo that someone defined
in a jar that I include as a dependency?
Yes, this is correct/what you want if you are running a "corporate
repo" and should prevent "leaks" by repos declared in various
dependency pom files.
There has been some discussion of changing Maven's code to ignore (or
add an option to do so) repos declared in pom files like this. I am in
support of such a change.
It does seem to be kind of a security risk to be able to sneak a repo
into someone's environment like that.
I am glad that you confirmed that a properly set up repo and
settings.xml prevents this from happening.
In Josef's case, it would have changed the error and depending on what
Maven says when it finds the repo in the dependency, he might still have
been misled into trying to find the mis-configured xalan dependency
which could have resulted in the same amount of frustration but directed
in a different way.
At least he would not have had a missing dependency rather than a file
that looked to be the right name but was just html.
There needs to a recognition on the part of the Maven development group
that although repositories are not part of the development scope, they
need to have a more prominent place in the Maven documentation.
My experience of getting a repo latter in the maven adoption cycle, has
really made me aware of how much harder it was for us to work with Maven
and really understand the Maven philosophy before we had the repo.
Ron
Wayne
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
--
Ron Wheeler
President
Artifact Software Inc
email: rwhee...@artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
