On 13 October 2015 at 15:14, Benson Margulies <[email protected]> wrote:

> I am perfectly willing to stand corrected; I started this email thread
> to get some insight. I may have misheard Stephen over the noise of the
> other runners.

No that was collecting my son from school... even more noisy... ;-)

I didn't want to start complicating things even more over a phone call (which trumps trying to do IRC chat over a phone BTW) by introducing scope=import into the mix and I couldn't see the source poms from my phone.

>
> However, I will say that I don't like two aspects of this, and I
> wonder if they could be improved.
>
> The first is documentation.
>
> https://maven.apache.org/pom.html#Dependency_Management does not
> mention the locking semantics. It describes my ignorant understanding
> of the semantics: a notational convenience for DRY of <version>
> elements. Seems to me that it should have the real semantics, I'll
> take a look.
>
> The second is the ease of messing up.
>
> The maven-release project is set up as a ticking bomb under this
> regime. The project uses dependencyManagement to lock to a version; so
> if any dependency requires a newer version, the result is the
> explosion we have experienced. To me, this seems to call for a
> build-time warning: "You have locked plexus-utils to 3.0.10, but your
> dependency X calls for newer version 3.0.15".
>
> Is that a thinkable behavior?
