In that case I would publish your parent with all the Good Stuff (parent A) in the central repository, and have a second parent inheriting Parent A where publishing is turned off. So your super secret, multi gazillion project can inherit from parent B and so no publishing is going on, unless they turn on the maven-flatten-plugin and a publish plugin.
Nick Stolwijk ~~~ Try to leave this world a little better than you found it and, when your turn comes to die, you can die happy in feeling that at any rate you have not wasted your time but have done your best ~~~ Lord Baden-Powell On Mon, 31 Jul 2023 at 01:30, Garret Wilson <gar...@globalmentor.com> wrote: > On 7/30/2023 8:16 PM, Nils Breunese wrote: > > … > > Can I ask why you publish this root POM as a public artifact to Maven > Central? > > 1. To be a good open-source citizen and help others with all the goodies > this POM provides (many of them which should be in Maven by default but > are not). > > 2. To provide a standard baseline for expectations for all of our > projects (e.g. build properties that are populated), including our > open-source projects and our hypothetical super-secret > multi-million-dollar projects. > > > If you’re using it to build super-secret million-dollar projects that > shouldn’t be published publicly, it might be safer to publish this root POM > to an internal Maven repository as well (as I suppose you already do for > the projects that inherit from this root POM)? > > But the error lies in conflating the two conceptually. > > The child project is what is super-secret and multi-gazillion dollars > worth. The parent project is just a tool; it is not super-secret nor > worth multi-gazillion dollars. > > You realize that Maven comes with its own super POM, right? So we could > ask the same question: if I'm building a super-secret gazillion-dollar > project, might not it be safer to find out how to disable Maven's own > super POM? But of course we know that's a silly question. > > One should have nothing at all to with the other. The super POM just > sets up some common properties that everyone can use. My root POM just > sets up some common properties that everyone can use. I should be able > to publish my root POM and easily disable publishing for its children. > > This is one of Maven's drawbacks: inheriting too much from the POM. For > example if you publish a parent POM that has one license (e.g. Apache > 2.0), suddenly all its children inherit the same license (although most > people aren't aware of this) without specific overriding. See my Stack > Overflow question [Publish open-source Maven parent POM without > inheriting `<license>`](https://stackoverflow.com/q/73239332) and > [MNG-7562](https://issues.apache.org/jira/browse/MNG-7562). > > The central issue in both cases is that the Maven designers in general > seemed not to have realized the need to distinguish between "information > related to publication of this POM" with "information that is to be > inherited to child POMs". > > Garret > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org > For additional commands, e-mail: users-h...@maven.apache.org > >