OK, I retract my doc comment in part:

"In addition, the version and scope of artifacts which are
incorporated from transitive dependencies may also be controlled by
specifying them in a dependency management section." is hinting at
reality, but I think it could be made much stronger; the difference
between 'all 12 modules say version=N' and 'the parent has
depManagement that says N' needs to be cast into higher relief.


On Tue, Oct 13, 2015 at 10:14 AM, Benson Margulies
<bimargul...@gmail.com> wrote:
> I am perfectly willing to stand corrected; I started this email thread
> to get some insight. I may have misheard Stephen over the noise of the
> other runners.
>
> However, I will say that I don't like two aspects of this, and I
> wonder if they could be improved.
>
> The first is documentation.
>
> https://maven.apache.org/pom.html#Dependency_Management does not
> mention the locking semantics. It describes my ignorant understanding
> of the semantics: a notational convenience for DRY of <version>
> elements. Seems to me that it should have the real semantics, I'll
> take a look.
>
> The second is the ease of messing up.
>
> The maven-release project is set up as a ticking bomb under this
> regime. The project uses dependencyManagement to lock to a version; so
> if any dependency requires a newer version, the result is the
> explosion we have experienced. To me, this seems to call for a
> build-time warning: "You have locked plexus-utils to 3.0.10, but your
> dependency X calls for newer version 3.0.15".
>
> Is that a thinkable behavior?
