Re: Auditing version ranges

2017-08-15 Thread Mark Raynsford
On 2017-08-15T13:23:17 + Thomas Broyer wrote: > Maven Enforcer Plugin's Require Upper Bound Dependencies might be enough > for your use-case (also notice there's a Require Release Dependencies rule > to prohibit snapshot dependencies) >

Re: Auditing version ranges

2017-08-15 Thread Thomas Broyer
Maven Enforcer Plugin's Require Upper Bound Dependencies might be enough for your use-case (also notice there's a Require Release Dependencies rule to prohibit snapshot dependencies) http://maven.apache.org/enforcer/enforcer-rules/requireUpperBoundDeps.html Le mar. 15 août 2017 12:06, Mark

Auditing version ranges

2017-08-15 Thread Mark Raynsford
Hello. I've recently been considering moving to byte-for-byte reproducible builds of my software packages. It seems fairly easy to get there via plugins such as the reproducible-build-maven-plugin [0] as long as the build isn't otherwise unreproducible, but one thing that I am unsure of is