Hi, On Sun, Sep 20, 2009 at 10:19 PM, Marshall Schor <[email protected]> wrote: > After thinking about this for a while, and considering both methods, I > think the most reliable way to handle 3rd party Jars is to manually put > them into the lib/ directory, once, and then check the lib/ directory > into SVN. This avoids build issues in the future which could occur if > the Jar obtained from the maven dependency plugin is somehow corrupted, > or changes level, etc. Also, having the Jars in SVN insures that > whatever work we do to update the LICENSE/NOTICE files for those Jars > remains valid (because the Jar doesn't (potentially) change).
By policy non-SNAPSHOT artifact in the Maven repository never change, and each artifact is accompanied by checksums that guard against corruption. It's possible for a user to mess up the files in their local Maven repository, but it's probably just as likely that they'd mess up any files in ./lib. To me the proposed solution sounds like extra effort with little or no benefit. BR, Jukka Zitting
