Xavier, that would be fine if it every developer was a solo developer AND they only ever used libraries directly and never transitively. But both of those cases are clearly false.
Yes, the HoloEverywhere versions are only available via the repo they are publishing on Github. But that it much more visible and more reachable than the version that are being distributed by the Android team which are only visible once you have manually downloaded those versions via the SDK Manager and then manually deployed them to your local Maven repository. Maven GAVs are supposed to be unique. Once Maven finds a match it stops looking. So if the HoloEverywhere artifacts get into your repository first there is no chance of the real artifacts being downloaded (even if they were available on a public repo). Here's 2 ways that can happen: 1) You use a shared repository manager. Someone else has a project that explicitly references the HE GitHub repo and the HE artifacts. They build their project first and pollute the repository manager with the HE artifacts. 2) You use an Android library X. It (or one of its dependencies) lists an explicit reference to the HE Github repo. If you build a project using X before manually populating your Maven repo with the official support libraries you will have polluted your local Maven repo with the HE artifacts. So there really isn't any red flag. Even acting independently with best intent you have made yourself a unknowing victim. This could largely be avoided if the Android team just published the artifacts through normal channels. William On Fri, Aug 8, 2014 at 5:19 AM, Xavier Ducrohet <[email protected]> wrote: > Where are they getting published? > > If there were put on MavenCentral or JCenter that would be a problem but > it looks like they are just on github? Someone wanting to use them has to > go find them there, and that should be a red flag anyway. > > > On Thu, Aug 7, 2014 at 4:41 AM, William Ferguson < > [email protected]> wrote: > >> What's the Android team's stance on the non-official versions of the >> Android support libraries? >> >> Eg >> https://github.com/Prototik/HoloEverywhere/issues/842#issuecomment-49746122 >> >> These libraries have the same GAV (groupId, artifactId, version) as the >> official versions but have totally different contents. This means that the >> same project built on 2 different machines can produce radically different >> outputs (unbeknownst to the developers). Or even 2 libraries both listing >> the same dependency having very different needs and producing some >> nightmare when combined (again unbeknownst to the developer doing the >> combining). >> >> These libraries are being published in the com.android.* namespace, so >> appear to be official Android team libraries which means developers are >> going to start coming to you guys for support as things start to break down >> at the edges. If the Android team were actually publishing these artifacts >> into a public repository there wouldn't be a vacuum for incidents like this >> to occur. >> >> So what's the plan to stop this hole getting bigger and deeper? >> >> William >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "adt-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Xavier Ducrohet > Android SDK Tech Lead > Google Inc. > http://developer.android.com | http://tools.android.com > > Please do not send me questions directly. Thanks! > > -- > You received this message because you are subscribed to a topic in the > Google Groups "adt-dev" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/adt-dev/2hPuSUYttbg/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "adt-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
