Kevin Galligan wrote:
Just had a crazy thought about the "external organization making secret
changes" issue.  If the issue is with snapshot builds I guess I don't have
much for you there (other than the above, of course).  However if the
concern is simply that you don't know that what's in the repository hasn't
changed, I had a wacky idea.

Maybe we write a plugin that does the following.  When you set up a new
project or change an existing project's dependencies, you need to run that
plugin.  Something like:

mvn depend-check:build

It'll go through non-snapshot dependencies and build a datafile that keeps a
hash of each of the artifacts.  Keep that in the root directory next to the
'pom.xml' file, and more importantly, keep it in source control.

Attach the plugin to the build, although the goal would be like
'depend-check:check'.  This plugin would consult with the datafile built
earlier and check that each local artifact matched what was used originally
for the build.  If something doesn't match, you'll get an error and an
aborted build.

This has been asked before and would be a very useful plugin for some.

It should also be fairly easy to implement and I'm sure it would be accepted into the Mojo sandbox.

--
Trygve
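
The build/check cycle proposed in this thread, as an added sketch that is not code from the thread or from any existing Maven plugin. The datafile name 'depend-check.json', the use of SHA-256, the function names, and the dependency list (a constructed stand-in for the project's resolved dependencies) are all assumptions.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def releases(deps):
    # Snapshot versions change by design, so only release artifacts are pinned.
    return [d for d in deps if "-SNAPSHOT" not in d]

def build(repo, deps, datafile):
    """Counterpart of 'depend-check:build': record one hash per release artifact."""
    hashes = {d: sha256_of(Path(repo) / d) for d in releases(deps)}
    Path(datafile).write_text(json.dumps(hashes, indent=2, sort_keys=True))
    return hashes

def check(repo, deps, datafile):
    """Counterpart of 'depend-check:check': return a list of (artifact, problem)."""
    recorded = json.loads(Path(datafile).read_text())
    problems = []
    for d in releases(deps):
        if d not in recorded:
            problems.append((d, "not in datafile, re-run build"))
        elif not (Path(repo) / d).is_file():
            problems.append((d, "missing from local repository"))
        elif sha256_of(Path(repo) / d) != recorded[d]:
            problems.append((d, "hash mismatch"))
    return problems

def demo():
    # Constructed local repository holding one release and one snapshot artifact.
    with tempfile.TemporaryDirectory() as tmp:
        repo, datafile = Path(tmp) / "repository", Path(tmp) / "depend-check.json"
        deps = ["org/example/lib/1.0/lib-1.0.jar",
                "org/example/tool/2.0-SNAPSHOT/tool-2.0-SNAPSHOT.jar"]
        for d in deps:
            (repo / d).parent.mkdir(parents=True)
            (repo / d).write_bytes(b"original " + d.encode())
        recorded = build(repo, deps, datafile)
        clean = check(repo, deps, datafile)
        # Both artifacts change after the datafile was committed to source control.
        (repo / deps[0]).write_bytes(b"silently replaced")
        (repo / deps[1]).write_bytes(b"new snapshot")
        return sorted(recorded), clean, check(repo, deps, datafile)

if __name__ == "__main__":
    print(demo())
```

A non-empty result from check() is the condition on which the build would abort; the changed snapshot is not reported because snapshots are never recorded.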
