>>>>> Robert Varga <n...@hq.sk>: > One thing that strikes me is "Bill of Materials" as perceived by karaf-bom.
> As it currently stands, karaf-bom includes all declarations of > karaf.git/pom.xml. > As I understand the bill-of-materials concept under Maven, it should > only list artifacts provided by a particular project, nothing more, > nothing less. [snip!] > Is it fair to align karaf-bom with the above expectation (and hence > not leak things like org.slfj4.api's version)? Note that while I'm the one who originally requested a karaf BOM, and probably its first user, I have never actually looked at what it does. :-) But so far it has worked for me. I use it to set versions of the dependencies I actually use. However, "leaking things" rang a bell with me. For one of my projects I ended up restructuring the entire project, moving the current top pom down one level and create a new top level with two maven modules: a BOM and the project proper https://github.com/steinarb/authservice : authservice/ authservice/pom.xml authservice/authservice-bom/ authservice/authservice-bom/pom.xml authservice/authservice/ authservice/authservice/pom.xml The reason for this reorganization was to keep versions set by imported BOMs from leaking out into the BOM my project provides.
