On 22 March 2013 08:12, Martin Höller <mar...@xss.co.at> wrote: > Hi! > > On 21 Mär 2013, Stephen Connolly wrote: > > > I think mailing lists are not the best way to explain why different > > solutions are to be preferred when ranking against what is best for the > > Maven ecosystem as a whole. > > > > So I wrote a blog post to explain my views on what are good ways and what > > are bad ways. > > > > > http://developer-blog.cloudbees.com/2013/03/playing-trade-offs-with-maven.html > > Really good post, but... ;-) > > There is one thing that is IMHO not clearly (enough) stated in your post: > it is in general a bad idea to add repositories to your POMs [1]. > > Section "2. Get the external jars into a public Maven repository" adds an > additional <repository> to the pom.xml. This is usually bad pratice and > should be avoided. Brian Fox wrote a detailed blog post [1] about this. > > Maybe you could link to this post and mentione, that putting the > additional repo in your settings.xml is an alternative. >
Well if you put them into your settings.xml, then those extra repositories are applied for *every single project that you build* If you put them in your pom.xml, then those extra repositories are only applied for that project and *every single project that lists that project as a transitive dependency* Also putting them in your settings.xml means you cannot just checkout and build, putting them in your pom.xml allows most others to just checkout and build (except for those of us behind a corporate proxy with a mandated <mirrorOf>*</mirrorOf>) Finally, putting them in your settings.xml allows reacting to repository location changes when building old builds, putting them in your pom.xml may mean that 1 year from now, checking out the tag will not build without modifying the pom.xml (or even worse, depending on the 1 year old version in a project your are building - you might want to verify a regression in behaviour for example - won't work because that version's pom.xml has invalid repository URLs) For all the above reasons, pushing OSS projects to central is the recommended practice, but getting them into any public Maven repository is better than not having them in a public Maven repository. TL;DR pushing open source projects to a repository other than Central (at least for the moment given how Maven works) is bad practice. Arguing over whether it is better to reference those other repositories from settings.xml or from pom.xml is very much like two fleas arguing over who will get squashed first when the building collapses and flattens the dog they live on ;-) > > Thanks for your efforts for the maven community and hth, > - martin > > [1] > http://www.sonatype.com/people/2009/02/why-putting-repositories-in-your-poms-is-a-bad-idea/ >