[
https://issues.apache.org/jira/browse/MNG-6562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17098718#comment-17098718
]
Herve Boutemy commented on MNG-6562:
------------------------------------
I'll have a look if that's easy to add this limitation of scope or not
but honestly, limiting the list of plugins is not the right approach: why let
people discover plugin by plugin that there is one single issue = they're using
some plugins versions defined in Maven core, and they will evolve over time in
the future given MNG-6169 (or they are very obsolete given our previous
strategy that was to keep versions stable since 3.0)
this warning just proves that there should be easy plugins versions lock: we
should IMHO more focus on providing easy fixes = official parent poms (or even
pluginManagement import) than limiting the scope of warning
> WARN if plugins injected by default lifecycle bindings don't have their
> version locked in pom.xml or parent
> -----------------------------------------------------------------------------------------------------------
>
> Key: MNG-6562
> URL: https://issues.apache.org/jira/browse/MNG-6562
> Project: Maven
> Issue Type: Improvement
> Components: Plugins and Lifecycle
> Affects Versions: 3.6.0
> Reporter: Herve Boutemy
> Assignee: Herve Boutemy
> Priority: Major
> Fix For: 3.7.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Currently, when building from a basic pom.xml:
> {code:xml}<project>
> <modelVersion>4.0.0</modelVersion>
> <groupId>com.mycompany.app</groupId>
> <artifactId>my-app</artifactId>
> <version>1.0-SNAPSHOT</version>
> </project>{code}
> many plugins are used, but their version is not locked by the user: the
> default plugins versions depend on Maven version used, which is not stable
> over different Maven versions.
> Adding a warning for this stability issue will help users know that they need
> to lock down plugins versions in their pom (or parent), something like:
> {noformat}[WARNING]
> [WARNING] Some problems were encountered while building the effective model
> for com.mycompany.app:my-app:jar:1.0-SNAPSHOT
> [WARNING] Version not locked for default bindings plugins
> [maven-install-plugin, maven-resources-plugin, maven-surefire-plugin,
> maven-compiler-plugin, maven-jar-plugin, maven-deploy-plugin,
> maven-site-plugin], you should define versions in pluginManagement section of
> your pom.xml or parent
> [WARNING]
> [WARNING] It is highly recommended to fix these problems because they
> threaten the stability of your build.
> [WARNING]
> [WARNING] For this reason, future Maven versions might no longer support
> building such malformed projects.{noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
