Folks, I would appreciate some assistance in thinking through the implications of the use of version ranges.
As a thought experiment, consider a loosely-coupled collection of maven project, maintained with a semver discipline. Each component has dependencies, and those are written with ordinary dependency elements. No dependency management, no ranges. Maven will resolve version numbers, and the builds will be 100% reproducible. However, the resolution algorithm is not semver, it's doing the tree distance thing. So, to get semver semantics, I might consider adding ranges. However, and here I hope I'm confused, I just lost reproducibility. If someone adds a new version to the repository, a re-run of the build will select it if it satisfies the ranges. Rebuilding from the tag is not the same build. Am I missing something? Could it be that the release process somehow resolves the ranges and writes them into the poms? --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
