gnodet commented on issue #11391: URL: https://github.com/apache/maven/issues/11391#issuecomment-3501154267
> [@gnodet](https://github.com/gnodet) , I have read the proposal again, and I do not see user story in it. In other words, I do not see what would really change for the end-user if they flip the added `directDependencyStrategy` setting. It would be great if you could clarify the end-to-end flow Given this is a breaking change, the idea is to let the user opt-in by changing using the maven configuration property in `.mvn/maven.properties` or by setting the `directDependencyStrategy="flexible"` globally on the `project` element. The flag could also be changed in `~/.mvn/maven.properties` or `$MAVEN_HOME/conf/maven.properties` to have a global effect for all projects. A possible (but optional) enhancement would be to make the flag available for each dependency as stated in the original proposal, but this would require much more change (first in the POM object model, then in the resolver), while the global flag should be implementable only in Maven. Once the user switches to `flexible`, the direct dependencies would be subject to conflict resolution. They are currently excluded, per the rule that, if the user explicitly specifies a version for a given dependency, that one should be honored. So basically direct dependencies always win during conflict resolution. So in your original `mvn-mediation` use case, we have `lib-a` depending on `guice:5.0.1, `lib-b` depending on `guice:3.0`, `example-application` depending on `lib-a`, `lib-b` and `guice:3.0`. With the current behaviour, `example-application` has a direct dependency on `guice:3.0`, so that version wins. If the user switches the project to use `flexible`, the direct dependency suddenly becomes subject to dependency resolution. Changing `directDependencyStrategy ` only would not really change the output of the resolution, since the default version conflict resolution favours the dependencies closer to the top of the tree. However, if the user also changes the conflict resolution to use `highest`, then, the direct dependency would be subject to higher policy conflict resolution and would be switched to `guice:5.0.1`. So this has to be coupled with selecting the highest version, else, there's not much point. Given the flag only affects direct dependencies, this means that when a library is consumed by another project, the dependencies of the libraries become transitive dependencies, and the flag no longer apply. It thus becomes completely useless, which is a good thing, as it allows Maven to remove it from the consumer POM, since consumer POMs have a 4.0.0 model, and the flag could not be included anyway. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
