On 2010-05-08 12:16, Benjamin Bentmann wrote: > Dennis Lundberg wrote: > >> 2. The commit for MSHARED-148 in r940609 upgraded plexus-utils to >> version 2.0.5. [...] This means that the Maven prerequisites (and >> therefor the Maven >> dependencies) must be bumped to 2.0.6 > > Some might consider this hair-splitting but I would like to clarify that > "must be" is technically not appropriate here to prevent wrong > half-knowledge. The purpose of prerequisites/maven is to guide the > automatic plugin version resolution to not pick plugin versions that are > incompatible with Maven. As such, Maven only checks the <prerequisite> > of the plugin POM, not any of its dependencies. > > So other than preventing to build maven-archiver with Maven 2.0.5- > (which generally should better be ensured by the Enforcer Plugin), the > <prerequisites> tag in non maven-plugin POMs has at best a documenting > character.
Yes, you are of course correct here Benjamin. I meant for the prerequisite to be documentational for the consuming plugins. > Admittedly a made-up scenario, but it's perfectly valid for a plugin to > depend on maven-archiver:2.4.1 and plexus-utils:1.1, thereby supporting > a prerequisite of Maven 2.0.5-. > > In the end, it is the plugin POM that controls the version of > plexus-utils being used and hence the Maven prerequisite. > > Also, there is no strict requirement that the version of Maven > dependencies matches the <prerequisite>. As a best practice, a plugin > should not depend on newer dependency versions than its prerequisite as > this bears the risk of unintentionally compiling against some API bits > that aren't present in the targetted minimum Maven runtime version. But > I don't see any direct harm in using dependencies with a lower version > than the prerequisite. The harm that I see is the maven-downloads-the-entire-internet discussion that occurs from time to time. Synchronizing the maven core dependency versions with the prerequisite makes this less of a problem, especially since many of our plugins nowadays have Maven 2.0.6 as their minimum requirement. If many plugins use the same version of Maven core dependencies, then Maven doesn't have to download all that many artifact when starting out with an empty local repository. > While considering the dependency tree of a plugin, just a reminder that > the changes for MSHARED-148 aren't effective in plugins if those have > nearer dependencies on older versions of the affected libraries. So just > updating to maven-archiver:2.4.1 alone might not be sufficient to solve > the underlying concurrency issues. > > > Benjamin > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Dennis Lundberg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
