Wow. Lots of questions! I ended up working around this by just writing a post build script that generates a build fingerprint of our .jars
I then commit the fingerprint. If a build changes the fingerprint then we can't push. It's kind of ugly but we unfortunately have a post build script anyway.... On Tue, Oct 13, 2015 at 1:15 PM, Wayne Fay <wayne...@gmail.com> wrote: > Forget transitive dependencies. Pretend you're back on Ant. All > artifacts must be declared. Leave nothing to chance. > > Declare all dependencies, including the ones you are currently > bringing in transitively, in your project's pom. > > Set all versions with [1.2.3] to "lock" them down. > > There may be another way to do this, but this is what I'd suggest to > start... > > Wayne > > On Tue, Oct 13, 2015 at 1:08 PM, Kevin Burton <bur...@spinn3r.com> wrote: > > I want to lock in the effective classpath for our releases. > > > > So if extra .jars or versions of .jars are changed, I want the build to > > fail until I manually approve it. > > > > For some reason, our version of cassandra regressed and broke on release. > > > > Still trying to track this down but in the future it would be nice to > just > > flat out prevent this from happening. > > > > Thoughts? > > > > -- > > > > We’re hiring if you know of any awesome Java Devops or Linux Operations > > Engineers! > > > > Founder/CEO Spinn3r.com > > Location: *San Francisco, CA* > > blog: http://burtonator.wordpress.com > > … or check out my Google+ profile > > <https://plus.google.com/102718274791889610666/posts> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org > For additional commands, e-mail: users-h...@maven.apache.org > > -- We’re hiring if you know of any awesome Java Devops or Linux Operations Engineers! Founder/CEO Spinn3r.com Location: *San Francisco, CA* blog: http://burtonator.wordpress.com … or check out my Google+ profile <https://plus.google.com/102718274791889610666/posts>
