Oh hi Nils. Yeah well a compromise is reached. I would still support a ban
on <servers> tag in project-specific settings - more for enforcer.
Its just about maintaining good abstractions. "User settings" what should
that mean? Its basically the settings that a user doesn't want to commit.
You wanted "This is currently the only artifact repository that our build
pipelines can access, but developers will sometimes want to build a project
locally that requires other artifact repositories, e.g. a third-party
GitHub project or an experimental Proof of Concept project which requires
dependencies from a repository that hasn't been added to our in-company
artifact repository yet. A global settings file that defaults to our
private artifact repository would interfere with such local builds."
I just don't get the use case since I regularly make use of an alternative
repository configured in my user settings when I test maven pre-releases
<profile>
<id>stage</id>
<activation>
<property>
<name>stage</name>
</property>
</activation>
<repositories>
<repository>
<id>staging</id>
<name>Maven Staging</name>
<url>
https://repository.apache.org/content/repositories/maven-${stage}/</url>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>staging-plugin</id>
<name>Maven Staging</name>
<url>
https://repository.apache.org/content/repositories/maven-${stage}/</url>
</pluginRepository>
</pluginRepositories>
</profile>
</profiles>
</settings>
When abstractions erode it becomes difficult to think. In this case though
the idea of user settings was never a strong one.
Delany
On Mon, 31 Jul 2023 at 18:44, Nils Breunese <[email protected]> wrote:
> Delany <[email protected]> wrote:
>
> > In any case, what repository on the Internet is configured to allow
> > anonymous uploads? The settings.xml must always be populated with
> <server>
> > credentials for a deployment to take place.
> > If you fear someone accidentally uploading artefacts to random repos then
> > "you're doing it wrong". Credential in settings.xml and managed manually
> or
> > someone other provisioning system = a good night sleep
> > That's why I'm not a fan of
> https://issues.apache.org/jira/browse/MNG-5659
>
> If you’re committing any file with credentials "you’re doing it wrong”.
> There are however also valid use cases for which project-specific settings
> are a very nice solution, so I’m happy it’s finally coming in Maven 4.
>
> Nils.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
