[
https://jira.codehaus.org/browse/MDEP-476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=360585#comment-360585
]
Henning Schmiedehausen commented on MDEP-476:
---------------------------------------------
Have you actually tried the examples that I showed you? The annotation problem
is just one of many. The example that I sent you (where you have two jars that
overlap, only provide annotations and you can not predict which jar will be
used for the annotations (yet you need both on the classpath because you do not
control the transitive dependencies). Just try it ojut.
I understand that simply excluding may not be "ideal". However, what you
suggest is building a large piece of code (scanning source code that you may or
may not have) to match a few more cases while the actual problem with e.g. the
findbugs:annotations and findbugs:jsr305 jars can not be solved that way.
The easiest way is to exclude these problematic dependencies. Every other
plugin for maven allows you to define exceptions. Any checker (findbugs, pmd,
checkstyle etc.) does. Only the dependency plugin has not such facility.
I do not understand. This is a few lines patch that solves an existing problem
completely, with integration tests and documentation. Are you saying that this
is not the right solution because it is not 100%? And unless we have a 100%
solution that will cover any corner case and is perfect in analyzing and
reasoning about arbitrary code, it is better to leave users in an unsolvable
state than applying a change that gives a way out?
> add the ability to ignore dependencies in the analyze-* goals
> -------------------------------------------------------------
>
> Key: MDEP-476
> URL: https://jira.codehaus.org/browse/MDEP-476
> Project: Maven Dependency Plugin
> Issue Type: New Feature
> Components: analyze
> Affects Versions: 2.9
> Reporter: Henning Schmiedehausen
>
> The dependency plugin is an essential tool to keep any build sane and from
> going off the rails with stale and bad dependencies. However, there are the
> few very odd corner cases where a dependency must be on the class path to
> ensure compilation but it is not detectable from byte code.
> The most prominent example for this are the
> com.google.code.findbugs:annotations and com.google.code.findbugs:jsr305
> jars, which only contain annotations but very often lead to unresolvable
> compilation problems with both jars present on the classpath.
> The analyze goals should have facilities to
> - list dependencies that should be ignored if they are declared but unused
> - list dependencies that should be ignored if they are undeclared but used
> - list dependencies that should be ignored in either case.
--
This message was sent by Atlassian JIRA
(v6.1.6#6162)
