Oh hi Nils. Yeah well a compromise is reached. I would still support a ban on <servers> tag in project-specific settings - more for enforcer. Its just about maintaining good abstractions. "User settings" what should that mean? Its basically the settings that a user doesn't want to commit.
You wanted "This is currently the only artifact repository that our build pipelines can access, but developers will sometimes want to build a project locally that requires other artifact repositories, e.g. a third-party GitHub project or an experimental Proof of Concept project which requires dependencies from a repository that hasn't been added to our in-company artifact repository yet. A global settings file that defaults to our private artifact repository would interfere with such local builds." I just don't get the use case since I regularly make use of an alternative repository configured in my user settings when I test maven pre-releases <profile> <id>stage</id> <activation> <property> <name>stage</name> </property> </activation> <repositories> <repository> <id>staging</id> <name>Maven Staging</name> <url> https://repository.apache.org/content/repositories/maven-${stage}/</url> </repository> </repositories> <pluginRepositories> <pluginRepository> <id>staging-plugin</id> <name>Maven Staging</name> <url> https://repository.apache.org/content/repositories/maven-${stage}/</url> </pluginRepository> </pluginRepositories> </profile> </profiles> </settings> When abstractions erode it becomes difficult to think. In this case though the idea of user settings was never a strong one. Delany On Mon, 31 Jul 2023 at 18:44, Nils Breunese <n...@breun.nl> wrote: > Delany <delany.middle...@gmail.com> wrote: > > > In any case, what repository on the Internet is configured to allow > > anonymous uploads? The settings.xml must always be populated with > <server> > > credentials for a deployment to take place. > > If you fear someone accidentally uploading artefacts to random repos then > > "you're doing it wrong". Credential in settings.xml and managed manually > or > > someone other provisioning system = a good night sleep > > That's why I'm not a fan of > https://issues.apache.org/jira/browse/MNG-5659 > > If you’re committing any file with credentials "you’re doing it wrong”. > There are however also valid use cases for which project-specific settings > are a very nice solution, so I’m happy it’s finally coming in Maven 4. > > Nils. > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org > For additional commands, e-mail: users-h...@maven.apache.org > >