Hi, Karl, Thanks for your comments.
I did dig into requireNoRepositories.html, the purpose for that rule is: detect whether pom and pom’s parents contains repositories definition. That make sense to guide users to use correct convention (not define repositories in pom files). But “BannedRepositories” is different purpose, it’s just like “BannedDependencies”. This rule is major for those “maven repository migration” case. Some users used to have old repositories, those repositories might be defined in pom.xml or settings.xml. This rule could benefit on these cases a lot. It will detect banned repositories from maven session context instead of only pom.xml and parents. After all, requireNoRepositories.html is trying to help users to follow correct maven convention. but “BannedRepositories” is trying to avoid misuse incorrect repositories. Especially in enterprise environment. Regards Simon On May 29, 2014, at 7:21 PM, Karl Heinz Marbaise <[email protected]> wrote: > Hi Simon, > > > I have taken a look into your suggestions ....I have a couple of thoughts > about it ... > > First there exists already a rule to avoid repositories > (http://maven.apache.org/enforcer/enforcer-rules/requireNoRepositories.html) > which can be used and is has an option > to allow particular repositories by using a white-list of allowed repository > based on the repository id. > > like this: > > <requireNoRepositories> > <allowedRepositories> > <allowedRepository>codehausSnapshots</allowedRepository> > </allowedRepositories> > ... > </requireNoRepositories> > > > So the question is why adding a complete new rule instead of enhancing the > existing by your idea using the url as identification for the repository > which i think is a really good idea...so users are not able to forge the > repository they use by using a different id only the url is used to identify > the allowed repositories. > > > Kind regards > Karl-Heinz Marbaise > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
