Hey everyone, With PGP signing support, latest Tycho work and M2E extending PDE so *.target files can refer/use dependencies from Maven Central directly will prefer to use dependencies from Maven Central when updating to new versions of libraries. This would be done only when we update to a new version of libraries or the dependency we use is no longer available in the latest Orbit build. When Maven Central is not OSGi artifact Orbit will be preferred. >From releng POV it would simply remove the middle man (Orbit/EBR) as Tycho automates what was achieved via EBR as an intermediate step to be part of the regular build. Extra benefits are: * Eclipse will no longer ship modified version of upstream release (PGP signature is in p2 metadata and not modifying the jar as jarsigner does) * Eclipse will not longer ship bundles with symbolic names that do not match upstream developers decision (as it happens with number of Orbit artifacts) * Version updates could be done in chunks rather than all changes at once to work with latest Orbit
I strongly encourage other projects to take that path too for third party dependencies. -- Aleksandar Kurtakov Red Hat Eclipse Team
_______________________________________________ cross-project-issues-dev mailing list cross-project-issues-dev@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev