Hi, On 11/23/06, Marcel May <[EMAIL PROTECTED]> wrote:
There is actually a quite firm policy that once a pom is uploaded to the repo it will not get changed again. Having a reproducible build can only be assured if the given pom is immutable. Also, I believe the pom once downloaded is not getting fetched again (except for SNAPSHOTs). Solution would be to publish eg '1.1.01' :-(
Yes, we'll probably solve the dependency issues incrementally as we make more releases. About the repository immutability rule - I've seen the repository owners being rather relaxed about this rule on some occasions. For example some of the Jackrabbit POMs were actually modified to have the javax.jcr dependency without even updating the associated MD5 sums or notifying me to update the PGP signature. I'm not totally happy with that but I understand the fine line between repository stability and validity they are maintaining. I've been trying to get a bit more involved with the repository maintenance to better understand the underlying issues and hopefully help improve also the Jackrabbit POM metadata. You're welcome to join [email protected] if you're also interested. BR, Jukka Zitting
