On Wed, 2006-11-22 at 10:27 -0800, David Jencks wrote: ... > I think if you explicitly specify the version of every plugin you use > you won't need this. AFAIK existing published non-snapshot artifacts > haven't ever changed.... no matter what grevious errors they may have. > So, if you explicitly say which version you want, you will continue to > get it. > ...
Ideally, yes. However unfortunately this is not always true: (even) some Apache projects violate the principle of never modifying published releases. <rant> One example that bit me a few weeks ago: http://www.ibiblio.org/maven2/geronimo/geronimo-kernel/1.1/ As you can see, the timestamp of the POM is much newer than that of the corresponding jar. Worse, the updated POM is broken: it contains an incorrect <type>test</type> qualification (instead of *scope* test) for the geronimo-qname_1.1_spec dependency, causing your project to suddenly stop compiling. Even worse, the geronimo people don't appear to be concerned to fix this. They have corrected the trunk but not bothered to release that. </rant> But maven is not helpful either in situations like this: a project would either have to a) publish a correct POM for the same release, violating the principle of never modifying published releases (and probably breaking caching maven proxies that don't refresh POMs) or b) publish a new release, which means that al POMs of projects that depend on it need to be updated to the new release. To remedy this maven needs a more sophisticated dependency management. More like RPM for example. Just my 2 cents... Cheers, Bastiaan
