-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 1. define sanity.
2. define validity. We have a tool out there right now that converts POMs from the m1 repository to the m2 repository, and does some meager checking on the XML/model validity of the POM on the way. HOWEVER, that's not the same as saying it checks that all of that POM's deps are in the repository. Reiterating what Emmanuel said, we do have plans to enhance this application and provide much more functionality...eventually. So far, we've been emphasizing the development and stability of m2 over this tool. If you'd like to log a specific issue, you might want to do so in the Maven Repository Manager project (MRM) in JIRA...if it's a specific POM you're having trouble with, you can do one of two things: 1. add an exclusions block to your dependency (useful for dom4j). This will work if the dependency has a dependency which is only used in certain cases, which you are not interested in. 2. file an issue in MEV (Maven Evangelism) JIRA, or enhance a current issue. If the POM is really bad (not just a bad build design on the part of dom4j or something), then we can only fix our copy and get in touch with the dom4j guys to fix it at the source. However, if for some reason that POM's filesystem timestamp changes in our staging repository, the same old problems will be re-propagated. This is because we consider the dependencies given by a project's development team in the POM to be authoritative by default. We're all pretty much aware that the metadata from the maven-1 repository is somewhat lacking, to say the least. Unfortunately, due to the decentralized control over the repository's contents (projects are supposed to be in control of their own information, as we cannot be experts on all projects we supply in the repository), I'm not at all convinced that there is an easier way to clean this stuff up. Of course, suggestions and help are both very welcome. :) - -john Vincent Massol wrote: > Hi there, > > There needs to be a big effort to clean the m2 repo of bad POMs (or missing > deps). I've told several people to try out m2 and they haven't been able to > use it because of this (for example try depending on dom4j in your own > project's POM). > > My question is: > > 1/ Do we have any tool to check the sanity of the current repo? > 2/ Do we have any tool in place that checks that an upload has a valid POM > so that we don't add invalid POMs again in the future? > > Thanks > -Vincent > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD4DBQFCzWJPK3h2CZwO/4URAmRwAJ9pEOX8E2xdbgUOfdONMRsW3lc7ZQCWKuAm tShqrIykk9Q7Kl8PTb85rQ== =mUqt -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
