I am perfectly willing to stand corrected; I started this email thread to get some insight. I may have misheard Stephen over the noise of the other runners.
However, I will say that I don't like two aspects of this, and I wonder if they could be improved.

The first is documentation. https://maven.apache.org/pom.html#Dependency_Management does not mention the locking semantics. It describes my ignorant understanding of the semantics: a notational convenience for DRY of <version> elements. Seems to me that it should have the real semantics; I'll take a look.

The second is the ease of messing up. The maven-release project is set up as a ticking bomb under this regime. The project uses dependencyManagement to lock to a version; so if any dependency requires a newer version, the result is the explosion we have experienced. To me, this seems to call for a build-time warning: "You have locked plexus-utils to 3.0.10, but your dependency X calls for newer version 3.0.15". Is that a thinkable behavior?
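
The build-time warning proposed in the message above, sketched as an added example (not part of the original email and not Maven's own code). The POM fragment and the list of requested versions are constructed, the `com.example` coordinates are hypothetical, and version ordering is simplified to dotted numeric parts rather than Maven's full comparison rules.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed POM fragment: dependencyManagement pins plexus-utils to 3.0.10.
POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.codehaus.plexus</groupId>
        <artifactId>plexus-utils</artifactId>
        <version>3.0.10</version>
      </dependency>
    </dependencies>
  </dependencyManagement>
</project>"""

# Constructed input: versions that dependencies declare in their own POMs,
# as (requesting dependency, groupId:artifactId, declared version).
REQUESTED = [
    ("com.example:dependency-x", "org.codehaus.plexus:plexus-utils", "3.0.15"),
    ("com.example:dependency-y", "org.codehaus.plexus:plexus-utils", "3.0.8"),
    ("com.example:dependency-x", "com.example:unmanaged-lib", "1.2"),
]

def managed_versions(pom_xml):
    """Map groupId:artifactId -> version locked in <dependencyManagement>."""
    deps = ET.fromstring(pom_xml).findall(
        "m:dependencyManagement/m:dependencies/m:dependency", NS)
    text = lambda d, tag: d.findtext(f"m:{tag}", namespaces=NS)
    return {f"{text(d, 'groupId')}:{text(d, 'artifactId')}": text(d, "version")
            for d in deps}

def version_key(v):
    """Simplified ordering: dotted numeric parts only (an assumption)."""
    return tuple(int(p) for p in v.split("."))

def lock_warnings(pom_xml, requested):
    """Warn where a locked version is older than a dependency asks for."""
    locked = managed_versions(pom_xml)
    out = []
    for requester, ga, wanted in requested:
        pinned = locked.get(ga)
        if pinned and version_key(pinned) < version_key(wanted):
            out.append(f"You have locked {ga} to {pinned}, but your dependency "
                       f"{requester} calls for newer version {wanted}")
    return out
```

Calling `lock_warnings(POM, REQUESTED)` returns a single warning for `dependency-x`; the request for the older 3.0.8 and the unmanaged artifact produce none.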
