Anyone? On Wednesday 05 October 2011 Martin Höller wrote: > Hi! > > What is the expected behaviour if a configured repository mirror is not > reachable? It seems maven 2.2.1 tries to contact to original repository > server, which is absolutely not what I want! > > Here are some details and background information: We have a repository > manager (nexus) set up to serve all artifacts. Every user has it > configured in .m2/settings.xml like this (hostname changed): > > <mirrors> > <mirror> > <id>nexus-repo</id> > <name>Internal Maven Repository</name> > > <url>http://nexus.mycompany.net:8080/nexus/content/groups/public/</url> > <mirrorOf>*</mirrorOf> > </mirror> > </mirrors> > > Recently we had a problem on this server, so that nexus was not > reachable. If one tried to build a project during this time, maven > silently downloaded artifacts from the internet. We only noticed this, > because one remote repository returned a 404 HTML page, which led to an > invalid pom.xml. No other errors and no warnings. > > This is IMHO really bad behaviour, because you can get JARs into your > local repository from an untrusted source without notifying it! > > The only related information I could find was MNG-714. But this doesn't > say anything about maven's behaviour. > > Did anybody else notice this behaviour? Is it expected? How could I > configure Maven to report an error instead of going out to the internet? > > The problem occured with maven 2.2.1. I didn't test it with maven 3. > > Any thoughts? > - martin
signature.asc
Description: This is a digitally signed message part.