[ https://jira.codehaus.org/browse/MDEP-476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=360585#comment-360585 ]
Henning Schmiedehausen commented on MDEP-476: --------------------------------------------- Have you actually tried the examples that I showed you? The annotation problem is just one of many. The example that I sent you (where you have two jars that overlap, only provide annotations and you can not predict which jar will be used for the annotations (yet you need both on the classpath because you do not control the transitive dependencies). Just try it ojut. I understand that simply excluding may not be "ideal". However, what you suggest is building a large piece of code (scanning source code that you may or may not have) to match a few more cases while the actual problem with e.g. the findbugs:annotations and findbugs:jsr305 jars can not be solved that way. The easiest way is to exclude these problematic dependencies. Every other plugin for maven allows you to define exceptions. Any checker (findbugs, pmd, checkstyle etc.) does. Only the dependency plugin has not such facility. I do not understand. This is a few lines patch that solves an existing problem completely, with integration tests and documentation. Are you saying that this is not the right solution because it is not 100%? And unless we have a 100% solution that will cover any corner case and is perfect in analyzing and reasoning about arbitrary code, it is better to leave users in an unsolvable state than applying a change that gives a way out? > add the ability to ignore dependencies in the analyze-* goals > ------------------------------------------------------------- > > Key: MDEP-476 > URL: https://jira.codehaus.org/browse/MDEP-476 > Project: Maven Dependency Plugin > Issue Type: New Feature > Components: analyze > Affects Versions: 2.9 > Reporter: Henning Schmiedehausen > > The dependency plugin is an essential tool to keep any build sane and from > going off the rails with stale and bad dependencies. However, there are the > few very odd corner cases where a dependency must be on the class path to > ensure compilation but it is not detectable from byte code. > The most prominent example for this are the > com.google.code.findbugs:annotations and com.google.code.findbugs:jsr305 > jars, which only contain annotations but very often lead to unresolvable > compilation problems with both jars present on the classpath. > The analyze goals should have facilities to > - list dependencies that should be ignored if they are declared but unused > - list dependencies that should be ignored if they are undeclared but used > - list dependencies that should be ignored in either case. -- This message was sent by Atlassian JIRA (v6.1.6#6162)