Hey everyone,
With PGP signing support, latest Tycho work and M2E extending PDE so
*.target files can refer/use dependencies from Maven Central directly will
prefer to use dependencies from Maven Central when updating to new versions
of libraries.
This would be done only when we update to a new version of libraries or the
dependency we use is no longer available in the latest Orbit build. When
Maven Central is not OSGi artifact  Orbit will be preferred.
>From releng POV it would simply remove the middle man (Orbit/EBR) as Tycho
automates what was achieved via EBR as an intermediate step to be part of
the regular build.
Extra benefits are:
* Eclipse will no longer ship modified version of upstream release (PGP
signature is in p2 metadata and not modifying the jar as jarsigner does)
* Eclipse will not longer ship bundles with symbolic names that do not
match upstream developers decision (as it happens with number of Orbit
artifacts)
* Version updates could be done in chunks rather than all changes at once
to work with latest Orbit

I strongly encourage other projects to take that path too for third party
dependencies.


-- 
Aleksandar Kurtakov
Red Hat Eclipse Team
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@eclipse.org
To unsubscribe from this list, visit 
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev

Reply via email to