I created a jira for this and will attempt a scan through existing issues to see how many might be related to this.
So far we've started to go off on tangential other ideas which is good for 2.1, but I haven't seen any showstopper reason why this could actually hurt anyone. -----Original Message----- From: Jason van Zyl [mailto:[EMAIL PROTECTED] Sent: Saturday, February 09, 2008 2:26 PM To: Maven Developers List Subject: Re: Plugin Versions in the Super pom On 9-Feb-08, at 12:31 PM, Benjamin Bentmann wrote: >> I think the idea of specifying versions in the "super pom" is >> pointless. Stability for a given release of maven is not particularly >> useful when many users are using different versions of maven to build >> something. > > I think it's common sense that the proposed lock down in the super > POM is not the final solution and was not intended as such. Exactly, it's a practical means to a short term end that helps with the average, new, inexperienced user. > Reproducible builds require the user himself to lock the plugin > versions in his own (corporate) POM, nobody else can do this. > > The changes to the super POM are all about improving (not solving) > the current situation for Maven 2.0.x. If we can agree on the > assumption that there are less different versions of Maven in use > than local repositories existent among the developers, the additions > in the super POM help to improve build reproducibility. > >> It would be much more useful for maven 2.0.9 to simply *warn* when a >> plugin is found without a version. That's better than trying to >> "advertise" best practice via the maven website. Better yet, have it >> fail the build unless some kind of "override" option is present on >> the >> command-line. > > For the sake of backward-compatibility within the 2.0.x development > line, one surely would not want to break the build here. > >> What I have found difficult is determining whether things *have* all >> been locked down or whether something has been missed. > > You could run > mvn clean deploy site-deploy -U > and grep for "checking for updates" in the log output. > > Regards, > > > Benjamin Bentmann > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Thanks, Jason ---------------------------------------------------------- Jason van Zyl Founder, Apache Maven jason at sonatype dot com ---------------------------------------------------------- Selfish deeds are the shortest path to self destruction. -- The Seven Samuari, Akira Kirosawa --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
