-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I think that such a drastic step will only serve to completely marginalize maven 2.x, and alienate users. Who would convert to using m2 if they first had to re-request uploads for the 10 dependencies they have?? While I agree that the repository information we currently have is inadequate and incomplete, such is life. When have you ever worked on a product revision/rewrite where you *didn't* have to deal with bad data? The answer is *never* to blow away everything you know and replace it with only the things you know to a perfect degree...you'd be re-creating your datastore with every new major version.
Also, to address your assertion about Maven 2.x's readiness for production - perhaps you noticed the -alpha-3 notation we've used on the latest release? ;) This software isn't perfect yet, and neither is the data it relies on...but we're working on it, and it *will* get better. Obviously, having naked poms isn't a good idea, but it will help users trying to migrate from maven 1.x (where they couldn't use the transitivity of dependencies anyway), and as these users attempt to trim their own dep lists, they can help us fix these bad poms. We cannot adopt the strategy of only putting perfect metadata into the repository, since our users need access to such a wide spectrum of libraries. Initially, for upgrading users, it will be better to have *some* access to these artifacts rather than clogging the MAVENUPLOAD project with re-requests. - -j Maczka Michal wrote: <snip/> > I the fact that repository is changing constantly is even worst then the > fact that some POMs are missing or are incorrect. > > I cannot imagine somebody using m2 in production and relaying on such > unstable repository which introduces indeterminism to builds. > It's just enough to change an order of dependencies in one of the POMs and > some builds might be broken or what's very serious > not possible to reproduce in the future. > >>From this perspective it might be better to have a smaller but high quality > repository which is growing then a big crappy repository containing > invalid POMs or "naked" POMs like that > (http://www.ibiblio.org/maven2/axis/axis/1.2/axis-1.2.pom): > > project> > <modelVersion>4.0.0</modelVersion> > <groupId>axis</groupId> > <artifactId>axis</artifactId> > <version>1.2</version> > </project> > > > IMO at least project description and license should be present in all POMs > in the repository. > It will be nice to have more things in those POMs (e.g. url of the main > website, organization section etc) > And unfortunately no tool can provide this information automatically. You > need many people to help you with that! > > > Michal > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFCzqbPK3h2CZwO/4URApURAJ9YpBUWlFU4KJsD1p+3J5d/4HALtgCeI9iS 7a2AtOpduYGebUVd3YrxPZI= =nyW2 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
